Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results