144 npm packages of the Mastra Framework have been infected with an infostealer that steals wallet and browser data during installation, already affecting the heavily-used core package.