
Malicious ‘IndonesianFoods’ Worm Floods npm With 100K Packages

Summary

– A self-spreading npm package called ‘IndonesianFoods’ automatically publishes thousands of junk packages using Indonesian names and food terms, with over 100,000 packages created so far.
– Although currently non-malicious, the packages could be updated to include dangerous payloads, posing a potential supply-chain security risk.
– The campaign has overwhelmed security systems, generating 72,000 vulnerability advisories in one day and disrupting the npm ecosystem through its scale and automation.
– Attackers appear to have a financial motive, using interconnected packages to inflate impact scores and earn TEA tokens from a blockchain reward system for open-source contributions.
– Security experts advise developers to lock dependency versions, monitor publishing patterns, and implement strict digital signature validation to protect against such attacks.

A significant security incident has disrupted the npm registry, where a self-propagating package known as IndonesianFoods has flooded the platform with more than one hundred thousand junk packages. This automated worm generates new entries every few seconds, using random combinations of Indonesian names and food-related terms. While these packages currently lack harmful code that could compromise developer systems, experts warn the situation could change abruptly if the attackers decide to deploy a malicious update.

Security analyst Paul McCarty first identified the spam campaign and set up a tracking page to monitor the publishers and their rapidly increasing package counts. According to Sonatype, the same threat actors attempted a similar attack in September with a package called ‘fajar-donat9-breki,’ but it failed to replicate successfully.

Garrett Calpouzos, a principal security researcher at Sonatype, stated that the attack has overwhelmed multiple security data systems due to its unprecedented scale. Amazon Inspector is flagging these packages through OSV advisories, leading to a massive influx of vulnerability reports. In just one day, Sonatype’s database recorded 72,000 new advisories. Calpouzos noted that the primary goal of IndonesianFoods does not seem to be infiltrating developer machines, but rather stressing the ecosystem and disrupting the world’s largest software supply chain.

A report from Endor Labs revealed that some packages in the campaign appear to exploit the TEA Protocol, a blockchain-based system that rewards open-source contributions with cryptocurrency tokens. By releasing thousands of interconnected packages, attackers artificially boosted their impact scores to earn more TEA tokens, pointing toward a financial motivation behind the spam.

Endor Labs also reported that this spam campaign actually began two years ago. In 2023, 43,000 packages were added, followed by the implementation of TEA monetization in 2024, and the introduction of the worm-like replication loop in 2025.

The IndonesianFoods incident is part of a broader trend of automated, large-scale attacks targeting open-source ecosystems. Similar campaigns include the GlassWorm attack on OpenVSX, the Shai-Hulud worm using dependency confusion, and hijacks of widely used packages like chalk and debug. While these events have so far caused limited direct harm, they signal a dangerous shift where attackers use automation and scale to overwhelm defenses.

Sonatype has cautioned that such high-volume, low-complexity operations create ideal conditions for threat actors to introduce more dangerous malware into open-source software supply chains. As the attack continues, developers are urged to lock down dependency versions, monitor for unusual publishing activity, and enforce strict digital signature validation policies.
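One concrete way to act on the first two recommendations (exact version pins and integrity-checked lockfile entries), as an added example that is not from the article, Sonatype, or any npm tooling: a small Python audit over a constructed package.json and lockfile-v3 fragment that reports range specifiers, entries without an integrity hash, and entries resolved from somewhere other than the expected registry. The package names, URLs and hashes are constructed for illustration.

```python
import json
import re

# Constructed sample manifest (not from the article); mixes pinned and ranged specifiers.
PACKAGE_JSON = json.dumps({
    "name": "demo-app",
    "dependencies": {
        "left-pad": "1.3.0",        # exact pin
        "chalk": "^5.3.0",          # caret range: minor/patch may float
        "debug": "~4.3.4",          # tilde range: patch may float
        "some-new-pkg": "latest",   # dist-tag: resolves to whatever is newest
        "other-pkg": "*",           # any version at all
    },
})

# Constructed package-lock.json (lockfileVersion 3) fragment; "" is the root project.
PACKAGE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/left-pad": {"version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-PLACEHOLDER"},
        "node_modules/chalk": {"version": "5.3.0",
            "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.3.0.tgz",
            "integrity": "sha512-PLACEHOLDER"},
        "node_modules/debug": {"version": "4.3.4",   # no integrity field at all
            "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz"},
        "node_modules/some-new-pkg": {"version": "0.0.7",  # pulled from an unexpected host
            "resolved": "https://mirror.example.invalid/some-new-pkg-0.0.7.tgz",
            "integrity": "sha512-PLACEHOLDER"},
    },
})

# An exact semver version, optionally with prerelease/build metadata; anything else is a range.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")

def unpinned_dependencies(package_json: str) -> dict:
    """Return {name: specifier} for every dependency that is not pinned to one exact version."""
    manifest = json.loads(package_json)
    findings = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in manifest.get(section, {}).items():
            if not EXACT_VERSION.match(spec):
                findings[name] = spec
    return findings

def lockfile_findings(package_lock: str, registry: str = "https://registry.npmjs.org/") -> dict:
    """Flag lockfile entries lacking an integrity hash or resolved outside the expected registry."""
    lock = json.loads(package_lock)
    findings = {}
    for path, entry in lock.get("packages", {}).items():
        if path == "":  # root project entry, not a dependency
            continue
        problems = []
        if not entry.get("integrity"):
            problems.append("missing integrity hash")
        if not entry.get("resolved", "").startswith(registry):
            problems.append("resolved outside expected registry: " + entry.get("resolved", ""))
        if problems:
            findings[path.removeprefix("node_modules/")] = problems
    return findings
```

Run against a real project, a non-empty result from either function is a reason to stop and look before `npm ci`; for the third recommendation (signature validation), npm's own `npm audit signatures` checks registry signatures and provenance attestations for the installed tree.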

In a recent update, AWS researchers published their own findings, reporting the identification of over 150,000 packages associated with the campaign on npm.

(Source: Bleeping Computer)
