{"slug": "multiple-mastra-npm-packages-compromised", "title": "Multiple mastra NPM packages compromised", "summary": "The StepSecurity Threat Intelligence Team has identified that multiple @mastra npm packages have been compromised. The security breach was disclosed in a GitHub issue on the mastra-ai/mastra repository, with the team detailing the attack in a blog post. The incident poses a high-impact security risk to users of the affected packages.", "body_md": "# Security: multiple @mastra npm packages compromised #18045\n\nOpen\n\nLabels\n\n[dependencies](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22dependencies%22): Pull requests that update a dependency file\n\n[effort:high](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22effort%3Ahigh%22)\n\n[impact:high](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22impact%3Ahigh%22)\n\n[security](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22security%22)\n\n[status: needs triage](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22status%3A%20needs%20triage%22)\n\n[trio-wp](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22trio-wp%22)\n\n## Description\n\n## Summary\n\nThe StepSecurity Threat Intelligence Team has identified that multiple mastra npm packages have been compromised.\n\n[https://www.stepsecurity.io/blog/mastra-npm-packages-compromised-using-easy-day-js](https://www.stepsecurity.io/blog/mastra-npm-packages-compromised-using-easy-day-js)\n\nStepSecurity Threat Intelligence Team.", "url": "https://wpnews.pro/news/multiple-mastra-npm-packages-compromised", "canonical_source": "https://github.com/mastra-ai/mastra/issues/18045", "published_at": "2026-06-17 02:10:51+00:00", "updated_at": "2026-06-17 02:22:54.419718+00:00", "lang": "en", "topics": ["ai-tools", "ai-safety"], "entities": ["StepSecurity", "mastra", "npm"], "alternates": {"html": "https://wpnews.pro/news/multiple-mastra-npm-packages-compromised", "markdown": "https://wpnews.pro/news/multiple-mastra-npm-packages-compromised.md", "text": "https://wpnews.pro/news/multiple-mastra-npm-packages-compromised.txt", "jsonld": "https://wpnews.pro/news/multiple-mastra-npm-packages-compromised.jsonld"}}