Mastra NPM Supply Chain Attack: 140 Packages Backdoor via easy-day-JS Typosquat
On June 17, 2026, an attacker compromised the @mastra npm organization and added the typosquat package easy-day-js as a dependency across 140+ Mastra AI framework packages, exposing over 1.1 million w…