As many as 144 npm packages associated with the Mastra namespace (« @mastra/* »), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from JFrog, SafeDep, Socket, and StepSecurity.
« A single npm account (ehindero) mass-published more