144 Mastra npm Packages Backdoored: What to Check Right Now
An attacker hijacked a dormant contributor account and published malicious versions of 144 packages under the @mastra npm scope between 01:15 and 02:36 UTC, targeting the TypeScript AI agent framework…