SlowMist Alert: Over 140 Mastra npm Packages Hit by Supply Chain Attack

2026-06-17 19:10 Source： x.com Event types： Online/Update 、 Security/Hacker

SlowMist announced that over 140 Mastra-related npm packages were compromised via a supply-chain attack. Affected versions introduce the malicious dependency `[email protected]`, which triggers attacker-controlled code execution during installation.

Related projects

Chain XCN
Hit