RSS

Multiple mastra NPM packages compromised

varunsharma071 pts1 comments

Security: multiple @mastra npm packages compromised · Issue #18045 · mastra-ai/mastra · GitHub

//voltron/issues_fragments/issue_layout" data-turbo-transient="true" />

Skip to content

Search or jump to...

Search code, repositories, users, issues, pull requests...

-->

Search

Clear

Search syntax tips

Provide feedback

--><br>We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Cancel

Submit feedback

Saved searches

Use saved searches to filter your results more quickly

-->

Name

Query

To see all available qualifiers, see our documentation.

Cancel

Create saved search

Sign in

//voltron/issues_fragments/issue_layout;ref_cta:Sign up;ref_loc:header logged out"}"<br>Sign up

Appearance settings

Resetting focus

You signed in with another tab or window. Reload to refresh your session.<br>You signed out in another tab or window. Reload to refresh your session.<br>You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

{{ message }}

mastra-ai

mastra

Public

Notifications<br>You must be signed in to change notification settings

Fork<br>2.2k

Star<br>25.2k

Security: multiple @mastra npm packages compromised #18045

New issue<br>Copy link

New issue<br>Copy link

Open

Open<br>Security: multiple @mastra npm packages compromised#18045

Copy link

Labels<br>dependenciesPull requests that update a dependency filePull requests that update a dependency fileeffort:highimpact:highsecuritystatus: needs triagetrio-wp

Description

varunsh-coder<br>opened on Jun 17, 2026

Issue body actions

Summary

The StepSecurity Threat Intelligence Team has identified that multiple mastra npm packages have been compromised.

https://www.stepsecurity.io/blog/mastra-npm-packages-compromised-using-easy-day-js

StepSecurity Threat Intelligence Team.

Reactions are currently unavailable

Metadata<br>Metadata<br>Assignees

No one assigned

Labels

dependenciesPull requests that update a dependency filePull requests that update a dependency fileeffort:highimpact:highsecuritystatus: needs triagetrio-wp

Type

No type

Fields<br>Give feedback

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions

You can’t perform that action at this time.

mastra packages compromised requests multiple issue

Related Articles

The Newest Instagram "Exploit" Is the Goofiest I've Seen

ssiddharth34 ptsaccount attacker email instagram seen like

Apple WWDC 2026 Livestream

nextstep32 ptsapple stream video event live feed

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

US Government directive to suspend access to Fable 5 and Mythos 5

Dylan131224 ptsfable government anthropic jailbreak access mythos

German ruling declares Google liable for false answers in AI Overviews

ahlCVA15 ptsgoogle court search overviews content users
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.