# Multiple mastra NPM packages compromised

> Source: <https://github.com/mastra-ai/mastra/issues/18045>
> Published: 2026-06-17 02:10:51+00:00

-
[Notifications](/login?return_to=%2Fmastra-ai%2Fmastra)You must be signed in to change notification settings -
[Fork 2.2k](/login?return_to=%2Fmastra-ai%2Fmastra)

# Security: multiple @mastra npm packages compromised #18045

Copy link

Copy link

Open

Labels

[dependenciesPull requests that update a dependency file](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22dependencies%22)Pull requests that update a dependency file

[effort:high](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22effort%3Ahigh%22)

[impact:high](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22impact%3Ahigh%22)

[security](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22security%22)

[status: needs triage](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22status%3A%20needs%20triage%22)

[trio-wp](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22trio-wp%22)

## Description

## Summary

The StepSecurity Threat Intelligence Team has identified that multiple mastra npm packages have been compromised.

[https://www.stepsecurity.io/blog/mastra-npm-packages-compromised-using-easy-day-js](https://www.stepsecurity.io/blog/mastra-npm-packages-compromised-using-easy-day-js)

StepSecurity Threat Intelligence Team.

Reactions are currently unavailable

## Metadata

## Metadata

### Assignees

### Labels

[dependenciesPull requests that update a dependency file](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22dependencies%22)Pull requests that update a dependency file

[effort:high](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22effort%3Ahigh%22)

[impact:high](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22impact%3Ahigh%22)

[security](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22security%22)

[status: needs triage](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22status%3A%20needs%20triage%22)

[trio-wp](https://github.com/mastra-ai/mastra/issues?q=state%3Aopen%20label%3A%22trio-wp%22)

### Type

### Fields

[Give feedback](https://github.com/orgs/community/discussions/189141)

No fields configured for issues without a type.