A self-replicating npm package has triggered one of the largest spam floods ever observed in an open-source ecosystem, generating more than 100,000 packages and adding new ones every few seconds. Security analysts warn that while the packages are not currently malicious, their scale, automation, and replication behavior create significant supply-chain risk should a harmful payload ever be introduced.
Worm-Like Behavior Creates Massive Registry Flooding
The campaign, dubbed IndonesianFoods because its package names combine random Indonesian personal names with food terms, has been spreading through npm at an unprecedented rate. According to Sonatype, the worm publishes a new package roughly every seven seconds, and the total count has surpassed 100,000 and is still climbing.
“This attack has overwhelmed multiple security data systems, demonstrating unprecedented scale,” said Garret Calpouzos, principal security researcher at Sonatype.
He noted that Amazon Inspector flagged the activity through OSV advisories, producing an avalanche of alerts. Sonatype alone recorded 72,000 new vulnerability advisories in a single day, all tied to the campaign's package replication.
Despite the volume, researchers emphasize that IndonesianFoods does not currently include malicious functionality such as credential theft, backdoors, or code that executes on developers' machines. Instead, its behavior indicates an intent to strain the ecosystem, disrupt automated scanning systems, and potentially prepare a foothold for more dangerous follow-on activity.
“The motivation is unclear, but the implications are striking,” Calpouzos added.
Financial Incentive Emerges Through TEA Protocol Abuse
Security researcher Paul McCarty first flagged the campaign and created a live tracker cataloging the offending publishers and their expanding list of packages. Subsequent analysis by Endor Labs revealed an unexpected financial angle: the attackers appear to be exploiting the TEA Protocol, a blockchain-based incentive system that rewards open-source contributions with tokens.
Some IndonesianFoods packages include tea.yaml files listing TEA wallet addresses, suggesting the attackers attempted to inflate their contribution scores artificially, earning more TEA tokens by flooding the ecosystem with packages that depend on one another.
Endor Labs reports the campaign has been evolving for years:
- 2023: 43,000 spam packages published
- 2024: TEA monetization functionality added
- 2025: Worm-like replication loop introduced
This long-running pattern indicates a combination of financial motivation and ecosystem manipulation rather than a traditional malware campaign.
Part of a Growing Trend of Automated Supply-Chain Attacks
The IndonesianFoods incident mirrors several emerging large-scale, automation-driven attacks on open-source ecosystems. Recent examples include the GlassWorm attack on OpenVSX, the self-propagating Shai-Hulud npm worm, and the compromise of widely used npm packages such as chalk and debug.
These events share a common thread: attackers increasingly leverage automated tooling and scale to overwhelm registries, disrupt trust mechanisms, and create conditions where more serious malware could slip through unnoticed.
Although the IndonesianFoods packages are not harmful today, Sonatype warns that such high-volume activity lowers visibility and increases the likelihood that sophisticated attackers could insert malicious updates into the supply chain during the chaos.
As the spam wave continues, developers and organizations relying on npm face challenges in monitoring dependency health and keeping builds stable. The sheer number of new packages also adds noise for automated scanners, vulnerability databases, and supply-chain monitoring systems, which is exactly the condition an attacker needs to slip a malicious package past reviewers.
To reduce exposure, security teams are advised to:
- Pin dependency versions and commit the lockfile
- Monitor upstream dependencies for abnormal publishing behavior, such as accounts that create packages every few seconds or dependency lists made up of brand-new packages from the same account
- Verify registry signatures and provenance attestations (for npm, `npm audit signatures`)
- Maintain SBOMs to track supply-chain changes between builds
- Install from the lockfile in CI/CD (`npm ci`) rather than resolving new packages, and disable install scripts where possible
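The two indicators the article describes, machine-speed publishing by a single account and packages whose dependency lists consist of other freshly published packages (plus a shipped tea.yaml), can be turned into a simple triage script. The following is an added example written for this article; it is not code from Sonatype, Endor Labs, or Paul McCarty's tracker. It runs offline over constructed documents shaped like the npm registry packument (`name`, `maintainers`, `time`, and `versions[v].dependencies` are real packument fields). The `files` list is an assumption standing in for a tarball listing, which the packument itself does not carry, and every package and account name below is made up.

```javascript
// Added example: heuristics for IndonesianFoods-style registry spam.
// Constructed sample data (not real packages): three packages created seven
// seconds apart by one account, one of them shipping a tea.yaml, plus one
// long-lived package from an unrelated maintainer.
const SAMPLE_PACKUMENTS = [
  {
    name: "example-spam-a",
    maintainers: [{ name: "spam-account-example" }],
    time: { created: "2025-11-01T10:00:00.000Z", "1.0.0": "2025-11-01T10:00:00.000Z" },
    versions: { "1.0.0": { dependencies: { "example-spam-b": "^1.0.0", "example-spam-c": "^1.0.0" } } },
    files: ["package.json", "index.js", "tea.yaml"], // assumed tarball listing
  },
  {
    name: "example-spam-b",
    maintainers: [{ name: "spam-account-example" }],
    time: { created: "2025-11-01T10:00:07.000Z", "1.0.0": "2025-11-01T10:00:07.000Z" },
    versions: { "1.0.0": { dependencies: { "example-spam-c": "^1.0.0" } } },
    files: ["package.json", "index.js"],
  },
  {
    name: "example-spam-c",
    maintainers: [{ name: "spam-account-example" }],
    time: { created: "2025-11-01T10:00:14.000Z", "1.0.0": "2025-11-01T10:00:14.000Z" },
    versions: { "1.0.0": { dependencies: {} } },
    files: ["package.json", "index.js"],
  },
  {
    name: "example-stable-lib",
    maintainers: [{ name: "longtime-maintainer-example" }],
    time: { created: "2018-03-02T12:00:00.000Z", "1.0.0": "2018-03-02T12:00:00.000Z", "1.4.2": "2024-06-10T09:30:00.000Z" },
    versions: { "1.4.2": { dependencies: {} } },
    files: ["package.json", "lib/index.js"],
  },
];

// Group package creation timestamps (ms since epoch) by maintainer account.
function creationsByMaintainer(packuments) {
  const out = new Map();
  for (const p of packuments) {
    const created = Date.parse(p.time.created);
    for (const m of p.maintainers) {
      if (!out.has(m.name)) out.set(m.name, []);
      out.get(m.name).push(created);
    }
  }
  return out;
}

// Median gap in seconds between consecutive package creations; Infinity when
// there is only one package and therefore no gap to measure.
function medianGapSeconds(timestamps) {
  const sorted = [...timestamps].sort((a, b) => a - b);
  const gaps = sorted.slice(1).map((t, i) => (t - sorted[i]) / 1000);
  if (gaps.length === 0) return Infinity;
  gaps.sort((a, b) => a - b);
  const mid = Math.floor(gaps.length / 2);
  return gaps.length % 2 ? gaps[mid] : (gaps[mid - 1] + gaps[mid]) / 2;
}

// Flag accounts that created at least minPackages packages with a median gap
// of maxGapSeconds or less: a human does not publish a new package every few seconds.
function flagFastPublishers(packuments, { minPackages = 3, maxGapSeconds = 60 } = {}) {
  const flagged = [];
  for (const [maintainer, times] of creationsByMaintainer(packuments)) {
    const gap = medianGapSeconds(times);
    if (times.length >= minPackages && gap <= maxGapSeconds) {
      flagged.push({ maintainer, packages: times.length, medianGapSeconds: gap });
    }
  }
  return flagged;
}

// A tea.yaml in the tarball is the TEA-monetisation marker the article describes.
function hasTeaManifest(packument) {
  return (packument.files || []).some((f) => f === "tea.yaml" || f.endsWith("/tea.yaml"));
}

// Fraction of the latest version's dependencies that are owned by the same
// account and were created within maxAgeDays of this package: a dependency
// graph that points mostly at the publisher's own brand-new packages.
function selfReferentialDependencyRatio(packument, allPackuments, maxAgeDays = 30) {
  const byName = new Map(allPackuments.map((p) => [p.name, p]));
  const owners = new Set(packument.maintainers.map((m) => m.name));
  const versionKeys = Object.keys(packument.versions);
  const latest = packument.versions[versionKeys[versionKeys.length - 1]];
  const deps = Object.keys(latest.dependencies || {});
  if (deps.length === 0) return 0;
  const windowMs = maxAgeDays * 86400000;
  const created = Date.parse(packument.time.created);
  let hits = 0;
  for (const d of deps) {
    const dep = byName.get(d);
    if (!dep) continue; // not in our snapshot: cannot judge, counts as clean
    const closeInTime = Math.abs(Date.parse(dep.time.created) - created) <= windowMs;
    const sameOwner = dep.maintainers.some((m) => owners.has(m.name));
    if (closeInTime && sameOwner) hits++;
  }
  return hits / deps.length;
}

// Per-package findings plus the account-level publishing-rate check.
function report(packuments) {
  return {
    fastPublishers: flagFastPublishers(packuments),
    packages: packuments.map((p) => ({
      name: p.name,
      teaManifest: hasTeaManifest(p),
      selfReferentialDeps: selfReferentialDependencyRatio(p, packuments),
    })),
  };
}

console.log(JSON.stringify(report(SAMPLE_PACKUMENTS), null, 2));
```

In practice the packuments would come from the registry (`https://registry.npmjs.org/<name>`) for every package in the lockfile, and the tarball listing from unpacking the dependency, so the script would run in CI alongside `npm ci` rather than as a one-off. The thresholds are deliberately loose: the point is to surface a publisher whose cadence and dependency graph look machine-generated for a human to look at, not to block builds on a heuristic.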
The IndonesianFoods worm demonstrates that large-scale, automated supply-chain disruption—once theoretical—has become a practical reality across major open-source ecosystems.