Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

144 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
techtimes

AI Coding Agent Skills Library Gives Any Tool 51 Senior Engineer Personas

A free, open-source library called claude-skills has grown into the most comprehensive collection of reusable skill packages for AI coding agents, shipping more than 345 production-ready packages that ...