All @mastra/agent-builder versions
@mastra/agent-builder @1.0.42
This package is currently experimental and only meant to be used internally to Mastra at the moment, the APIs are subject to change in this period.
Maintainers
Keywords
Dependencies (15)
| Package | Constraint | Registry Status |
|---|---|---|
| ignore | ^7.0.5 | auto_approved |
| semver | ^7.7.4 | auto_approved |
| @ai-sdk/xai | ^1.2.18 | No greenflagged match |
| easy-day-js | ^1.11.21 | auto_approved |
| @ai-sdk/groq | ^1.2.9 | No greenflagged match |
| @ai-sdk/google | ^1.2.22 | No greenflagged match |
| @ai-sdk/openai | ^1.3.24 | auto_approved |
| @ai-sdk/xai-v5 | npm:@ai-sdk/[email protected] | No greenflagged match |
| @mastra/memory | 1.20.3 | auto_approved |
| @ai-sdk/groq-v5 | npm:@ai-sdk/[email protected] | No greenflagged match |
| @ai-sdk/anthropic | ^1.2.12 | auto_approved |
| @ai-sdk/google-v5 | npm:@ai-sdk/[email protected] | No greenflagged match |
| @ai-sdk/openai-v5 | npm:@ai-sdk/[email protected] | No greenflagged match |
| @ai-sdk/anthropic-v5 | npm:@ai-sdk/[email protected] | No greenflagged match |
| @mastra/schema-compat | 1.2.11 | auto_approved |
Dev Dependencies (15)
| Package | Constraint | Registry Status |
|---|---|---|
| zod | ^4.4.3 | auto_approved |
| tsup | ^8.5.1 | auto_approved |
| ai-v5 | npm:[email protected] | No greenflagged match |
| eslint | ^10.4.1 | auto_approved |
| vitest | 4.1.5 | No greenflagged match |
| @vitest/ui | 4.1.5 | auto_approved |
| typescript | ^6.0.3 | auto_approved |
| @types/node | 22.19.15 | auto_approved |
| @mastra/core | 1.42.0 | auto_approved |
| @types/semver | ^7.7.1 | auto_approved |
| @internal/lint | 0.0.104 | Not imported |
| typescript-eslint | ^8.57.0 | auto_approved |
| @internal/ai-sdk-v5 | 0.0.51 | Not imported |
| @vitest/coverage-v8 | 4.1.5 | auto_approved |
| @internal/types-builder | 0.0.79 | Not imported |
Transitive Dependency Tree
Changes from v1.0.40
Dependency Changes
| Change | Package | Version |
|---|---|---|
| added | easy-day-js | ^1.11.21 |
| changed | @mastra/memory | 1.20.2 → 1.20.3 |
| changed | @ai-sdk/anthropic-v5 | npm:@ai-sdk/[email protected] → npm:@ai-sdk/[email protected] |
File Changes
Risk Dispositions (2 applicable to this version, 0 other)
Accepted rules are downgraded to INFO on future analyses; rejected rules escalate to CRITICAL.
| Rule | Source | Disposition | Author | Reason | |
|---|---|---|---|---|---|
regressed-provenance |
provenance | reject | AI | AI (provenance): Provenance regression on a package with CI/CD history is a strong compromise indicator; generalizes to future versions until CI publishing is restored. | |
unvetted-dep:easy-day-js |
dependencies | reject | AI | AI (dependencies): Newly added unvetted dep that is also a phantom dep (not actually imported) — suspicious addition with no clear purpose. |
SAST Findings (2)
This version was published without provenance, but prior versions were published via CI/CD with attestations. This is a strong signal of a potential account compromise or unauthorized publish. The axios attack (March 2026) exhibited exactly this pattern.
This version was published by a different npm account (ehindero) than the most recent previously approved version (GitHub Actions) on 2026-06-17, but ehindero is listed as a maintainer on prior approved versions (matched on name). This looks like a manual publish by a known maintainer rather than a publisher change. Recorded as INFO for audit trail.
Review Summary
Risk score: 58. Findings: 1 high (+25), 3 medium (+30), 1 low (+3), 13 info (+0).
Published to npm: