According to Infosecurity Magazine, security researchers have uncovered a massive npm worm campaign called “IndonesianFoods” that has been running for over two years and has published approximately 43,900 spam packages. At least 11 npm accounts are involved, and the packages carry scripts named ‘auto.js’ or ‘publishScript.js’ that, when run manually (they are not tied to an install hook), publish new packages in an infinite loop. SourceCodeRed’s Paul McCarty and Endor Labs researchers found that the packages reference each other as dependencies, forming a self-replicating cluster: installing just one can pull in over a hundred related spam packages. The arithmetic is staggering: each run publishes roughly 12 packages per minute, or potentially 17,000 packages a day. Some packages are already accruing thousands of weekly downloads, and the researchers suspect the motive is Tea protocol token rewards, earned by artificially inflating the packages’ apparent ecosystem value.
The concerning math behind the worm
Here’s the thing that really gets me about this attack: the sheer scale of the automation. We’re talking about a script that fires roughly every seven seconds, publishing packages in what Endor Labs describes as an “infinite loop.” A strict seven-second cadence works out to about 8.6 packages a minute, or roughly 12,300 a day; the reported 12-a-minute figure gets you to about 17,000 a day. Either way, a single day of uninterrupted running dumps five figures’ worth of packages into the registry. And when you consider there are already 44,000 packages out there, that is under three days of output at the faster rate, spread across two years. So the loop has been run in bursts rather than continuously, either by multiple victims who executed it or by the attackers themselves, deliberately flooding the system.
But wait, it gets worse. Each spam package lists 8 to 10 other spam packages as dependencies. npm resolves dependencies transitively, so installing one fetches its dependencies, their dependencies, and so on until the whole interlinked cluster is on disk: easily over a hundred packages from what looked like a simple installation. That’s not just annoying; it wastes registry bandwidth, and it makes cleanup tricky, because as long as any one of them remains in your dependency tree the next install resolves the rest right back in.
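To make the fan-out concrete, here is an added example (not code from the article or from the researchers’ reports) that builds an in-memory registry of spam packages cross-referencing each other, then resolves the transitive dependency set the way a package manager has to. The package names are invented stand-ins, not the campaign’s real names, and the ring shape is an assumption that mirrors the 8-10 cross-references described above.

```javascript
// Added example (not from the article or the researchers' reports): how a
// cluster of spam packages that list each other as dependencies turns one
// install into a hundred-plus. The registry is built in memory; the package
// names are invented stand-ins, not the campaign's real names.

// Build `count` spam packages where package i depends on the next `fanout`
// packages (wrapping around), mirroring the 8-10 cross-references described.
function buildSpamRegistry(count, fanout) {
  const registry = new Map();
  for (let i = 0; i < count; i++) {
    const deps = [];
    for (let k = 1; k <= fanout; k++) {
      deps.push(`spam-pkg-${(i + k) % count}`);
    }
    registry.set(`spam-pkg-${i}`, deps);
  }
  return registry;
}

// Resolve the transitive dependency set the way a package manager has to:
// breadth-first over each package's dependency list, visiting each name once.
// Names missing from the registry are treated as leaves (no dependencies).
function installClosure(registry, root) {
  const seen = new Set([root]);
  const queue = [root];
  while (queue.length > 0) {
    const name = queue.shift();
    for (const dep of registry.get(name) || []) {
      if (!seen.has(dep)) {
        seen.add(dep);
        queue.push(dep);
      }
    }
  }
  return seen;
}

// Number of packages an install of `root` fetches, root included.
function installSize(registry, root) {
  return installClosure(registry, root).size;
}

// Constructed scenario: an application with one ordinary dependency and one
// spam package. The spam cluster dominates what actually gets installed.
function demo() {
  const registry = buildSpamRegistry(120, 9);
  registry.set('ordinary-lib', []);
  registry.set('my-app', ['ordinary-lib', 'spam-pkg-0']);
  return {
    direct: registry.get('my-app').length,              // 2
    total: installSize(registry, 'my-app'),             // 122: my-app, ordinary-lib, 120 spam packages
    fromSpamAlone: installSize(registry, 'spam-pkg-0'), // 120
  };
}

console.log(demo());
```

The closure is also the cleanup list: deleting a few spam packages from node_modules does nothing, because the survivors still list them and the next install restores them. The only clean fix is to drop the entry point (here ‘spam-pkg-0’) from the application’s own dependencies and reinstall.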
The Tea protocol financial angle
Now here’s where it gets really interesting. Endor Labs discovered that this campaign appears to be gaming the Tea protocol’s reward system, which rewards open-source packages according to how widely the rest of the ecosystem depends on them. The attackers embedded ‘tea.yaml’ files (the file Tea uses to tie a package to a claimant) across thousands of spam packages and wired those packages into circular dependencies, so every spam package counts as a dependency of many others and the “impact scores” climb without a single real user ever needing the code. That let them claim Tea token rewards for manufactured ecosystem value. One package README even boasted about the earnings; talk about leaving evidence behind!
So we’re not just looking at someone trying to disrupt npm for fun. There appears to be a clear financial motive here. And honestly, that makes this more dangerous because financial incentives tend to create persistent, evolving attacks. If there’s money to be made by gaming these reward systems, we’re going to see more of this, not less.
This isn’t the first rodeo
Security researcher Garrett Calpouzos from Sonatype nailed it when he said “we’re watching the same playbook evolve, but faster.” Remember the GlassWorm malware that showed how quickly packages could self-replicate? Or the chalk/debug hijacking that turned legitimate dependencies into distribution channels? IndonesianFoods is basically the next iteration – a self-publishing worm operating at massive scale.
And that’s what should really worry developers. Each wave of these attacks weaponizes npm’s open nature in slightly new ways. This particular campaign might not be stealing credentials or injecting malicious code (yet), but it’s straining the ecosystem and proving how trivial it is to disrupt the world’s largest software supply chain. The implications are striking even if the immediate damage seems limited to spam and resource waste.
The hidden supply chain threat
Here’s my biggest concern: what happens if the attackers decide to push a malicious update? Thousands of developers have already downloaded these packages, some of which accrue thousands of weekly downloads. If the attackers switch from spam to something more sinister, they’ve got a ready-made distribution network: every package they control can be republished with a new version, and any project that depends on one through a semver range picks it up on its next install. A committed lockfile and ‘npm ci’ keep you on the versions you already have, but anyone installing fresh or running ‘npm update’ gets whatever was published last. That’s supply chain risk at scale.
Look, npm’s openness is both its greatest strength and its biggest vulnerability. We keep seeing these automated attacks because the barrier to entry is so low. And while the immediate focus might be on cleaning up this particular mess, we need to ask ourselves: how do we prevent the next IndonesianFoods? Because if history is any guide, another one is already in the works.
