Over 140 Mastra npm Packages Compromised in Supply Chain Attack

Security firm SlowMist has reported a supply chain attack affecting over 140 npm packages related to Mastra. The compromised packages include a malicious dependency, `easy-day-js@1.11.22`, which executes attacker-controlled code upon installation. This breach highlights ongoing vulnerabilities in software supply chains, emphasizing the need for vigilant security practices among developers and package maintainers.
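One way to check whether a project's lockfile resolves the dependency named above and which package pulls it in. This is an added example, not code from SlowMist or from this article; the sample lockfile and the `@example/agent-kit` package name are constructed placeholders.

```javascript
// Indicator (package name and version) as named in the report above.
const INDICATOR = { name: 'easy-day-js', version: '1.11.22' };

// Package name from a v2/v3 "packages" key:
// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; the root key "" stays "".
function nameFromPath(key) {
  const marker = 'node_modules/';
  const i = key.lastIndexOf(marker);
  return i === -1 ? key : key.slice(i + marker.length);
}

// Takes a parsed package-lock.json object; returns installed copies and dependents.
function scanLockfile(lock, indicator = INDICATOR) {
  const hits = [];       // installed copies matching both name and version
  const dependents = []; // entries that declare the package as a dependency
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (nameFromPath(key) === indicator.name && entry.version === indicator.version) hits.push(key);
    const declared = { ...entry.dependencies, ...entry.optionalDependencies };
    if (indicator.name in declared) {
      dependents.push({ dependent: key || '(root project)', range: declared[indicator.name] });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree. Walked only when there is
  // no "packages" map, so a v2 file (which carries both) is not reported twice.
  const walk = (deps, trail) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const here = [...trail, name];
      if (name === indicator.name && entry.version === indicator.version) hits.push(here.join(' > '));
      if (entry.requires && indicator.name in entry.requires) {
        dependents.push({ dependent: here.join(' > '), range: entry.requires[indicator.name] });
      }
      walk(entry.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return { affected: hits.length > 0, hits, dependents };
}

// Constructed sample lockfile (v3 layout) with placeholder package names.
const SAMPLE_LOCK = {
  packages: {
    '': { name: 'demo-app', dependencies: { '@example/agent-kit': '^1.0.0' } },
    'node_modules/@example/agent-kit': { version: '1.0.3', dependencies: { 'easy-day-js': '^1.11.0' } },
    'node_modules/easy-day-js': { version: '1.11.22' },
  },
};
console.log(JSON.stringify(scanLockfile(SAMPLE_LOCK), null, 2));
```

To scan a real project, pass the parsed contents of its `package-lock.json` to `scanLockfile`. Because the dependency runs code at install time, a hit on a machine where `npm install` has already run is a reason to investigate that host, not only to remove the entry.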
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct your own research and consult with a qualified financial advisor before making any investment decisions.
