More than 140 npm packages in Mastra AI were compromised by North Korean hacker group Sapphire Sleet, exploiting supply chains as an attack surface.