easy-day-js

easy-day-js npm typosquat and related software supply chain security coverage.

AI
Developer Tools
Security

Mastra npm Compromise Turns AI Agent Frameworks Into a Supply-Chain Target

Attackers republished more than 140 Mastra npm packages with a poisoned easy-day-js dependency, exposing AI agent developers to an install-time remote payload. Teams that installed affected @mastra packages on June 17 should treat developer machines and CI runners as compromised.

Zero-Day
xAI
WWDC 2026
WWDC 2021
WWDC
World Cup 2026
Work IQ
Wireless
Windows Security
Windows AI

June 17, 2026