Multiple mastra NPM packages compromised

The StepSecurity Threat Intelligence Team has identified that multiple @mastra npm packages have been compromised. The security breach was disclosed in a GitHub issue on the mastra-ai/mastra repository, with the team detailing the attack in a blog post. The incident poses a high-impact security risk to users of the affected packages.

Security: multiple @mastra npm packages compromised #18045

Open

Labels: dependencies, effort:high, impact:high, security, status: needs triage, trio-wp

Description

Summary

The StepSecurity Threat Intelligence Team has identified that multiple mastra npm packages have been compromised.

https://www.stepsecurity.io/blog/mastra-npm-packages-compromised-using-easy-day-js

StepSecurity Threat Intelligence Team.