Mastra Got Hacked. Here's What We Learned
Mastra got hacked. In this special edition of Security Corner, Shane Thomas and Abhi Aiyer break down exactly what happened when a supply chain attack hit Mastra's npm packages — an attack that appears to trace back to hackers in North Korea. They're joined by Ismail Pelaseyed, co-founder and CTO of Superagent, for the outside view on how these campaigns actually work.
Guests in this episode

Ismail Pelaseyed
SuperagentWatch on
Episode Transcript
Intro: a special Security Corner
The supply chain attack on Mastra
How they got in: a fake Teams call
The npm account takeover
EasyDjS and the scramble to fix it
Why success makes you a target
How AI supercharges phishing
Hardening against compromised contributors
Open source under strain: IBM's $5B bet
npm and PyPI keep dropping the ball
Inside the fake package, and how Socket caught it
The fear-selling problem in security
Superagent!
More episodes
- July 15, 2026Three Models Drop: Grok 4.5, Meta Muse & GPT-5.6 Sol (Which Nuked a Business) | This Week In AI
- July 9, 2026Is Sonnet 5 Even Worth It? Plus: Fable's Back, and War on Tokenmaxxing | This Week In AI
- July 7, 2026The Software Factory: Dex Horthy on Shipping Fast Without AI SlopDex Horthy
- July 2, 2026GPT-5.6 Needs Government Approval Now, npm Finally Gets More Security, and Fable Returns