Threat Intelligence Report

140+ Mastra npm Packages Compromised in Coordinated Supply Chain Attack

📅 June 17, 2026 📰 socket.dev 🔍 0 CVE(s) referenced

A coordinated supply chain attack compromised over 140 Mastra npm packages by injecting a malicious dependency that, upon installation, deployed a cross-platform infostealer capable of exfiltrating browser history and cryptocurrency wallet data, establishing persistent access, and enabling arbitrary remote code execution on developer and CI systems.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle