DefaxonA live map of what's happening on Earth.MetricsGet the data
Technologyunverified · 20%

🚨 140+ Mastra npm packages were compromised in a supply chain attack published under the @​mastra/* namespace, including @​mastra/core (~918K weekly downloads). The attack used easy-day-js, a typosqua

Machine-generated label — not the source headline.

Unverified, machine-classified. This event was auto-detected from a single BLUESKY news source. The title is a machine-generated label — not the article’s headline — and may not reflect the source. Open the source to confirm; treat as a developing signal until verified.
When
Where
Location unknown
Category
cyber · supply_chain_attack

🚨 140+ Mastra npm packages were compromised in a supply chain attack published under the @​mastra/* namespace, including @​mastra/core (~918K weekly downloads). The attack used easy-day-js, a typosquatted dependency, to deliver a cross-platform infostealer. socket.dev/blog/mastra-...

Involved actors & entities

People, organizations and places machine-extracted from the source reporting — they power search and the correlation graph. Extracted automatically, so they can include noise, especially on events still marked unverified.

Sources

Defaxon links out to the original reporting and never republishes article text.

Correlated events

Computed by the Defaxon correlation engine — linked by shared actors, co-location, and temporal proximity. Scored hypotheses, never causal claims.

← Back to the live map