144 Mastra npm Packages Compromised via Hijacked Contributor Account

144 Mastra npm Packages Compromised via Hijacked Contributor Account

Notícia de segurança recolhida automaticamente.

As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from JFrog, SafeDep, Socket, and StepSecurity.

"A single npm account (ehindero) mass-published more

Fonte original: Ler artigo completo aqui