
Mastra npm scope takeover

A June 2026 supply chain attack in which an adversary gained control of a former contributor's npm (JavaScript package registry) account whose access had never been revoked, then republished the entire Mastra AI agent framework, 144 packages with roughly 8 million combined weekly downloads, with a malicious dependency injected that stole cryptocurrency wallets and developer credentials. The attack illustrates how a single forgotten, unrevoked developer account can compromise an entire open-source AI framework ecosystem. The North Korean state-sponsored actor Sapphire Sleet was identified as responsible.
Every organisation whose developers install Mastra packages, or anything that depends on them, is a potential victim of credential and wallet theft. The incident underscores that AI framework dependencies carry the same supply chain risk as any other software component and require the same access hygiene controls, starting with revoking registry publish rights when a contributor leaves and reviewing what changed in a package's dependency tree between releases.
Snyk — A Forgotten Contributor Account Compromised the Entire Mastra npm Package Scope