Researchers: npm registry flooded by tens of thousands of fake packages in two‑year spam campaign

Cybersecurity researchers have identified a coordinated spam campaign that has published tens of thousands of fake packages to the npm registry since early 2024, a campaign experts say appears to be financially motivated. Endor Labs researchers Cris Staicu and Kiran Raj highlighted the long-running activity in a report; SourceCodeRED researcher Paul McCarty, who first flagged the activity, and a related repository indicate the operation has published as many as 67,579 packages.

The packages follow a distinctive naming pattern based on Indonesian names and food terms, leading researchers to nickname the campaign the IndonesianFoods Worm. The packages often present as Next.js projects and, according to the analysis, were published from a small set of npm accounts in a repeated, automated fashion.

Each malicious package contains a single JavaScript file with a name such as “auto.js” or “publishScript.js” that remains dormant until a user explicitly executes it with a command like “node auto.js”. The script removes the "private": true setting from package.json, then proceeds to craft and publish additional packages.

The file runs in an infinite loop that generates random package names and version numbers and issues “npm publish” repeatedly, reportedly creating a new package every seven to 10 seconds. Researchers calculated this pace can produce roughly 12 packages per minute, about 720 per hour or some 17,000 per day.

Researchers said the campaign references other attacker-controlled packages as dependencies, which can force package managers to fetch expanding dependency trees and strain registry bandwidth. The operation has ties to an earlier campaign documented by security firms including Sonatype that abused the Tea protocol, and some spam packages include a tea.yaml file listing TEA accounts and potential reward addresses, suggesting a monetization angle tied to TEA token rewards described in project documentation.

Endor Labs flagged a second variant that uses random English words for package names, and researchers warned the campaign exploits a blind spot in scanners because the malicious code does not run during installation. Sonatype researchers and others described the incident as a large‑scale, self‑publishing worm that amplifies load on security and registry systems.
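Because the dormant script never runs at install time, an install-hook scanner misses the traits the reports describe. The following is an added example (not code from Endor Labs, SourceCodeRED or the article) of a heuristic audit over installed packages for those traits: the auto.js/publishScript.js file, code that touches the "private" field and calls npm publish, a tea.yaml manifest, and dependencies pointing at already flagged packages. Package contents are passed in memory and the sample set is constructed.

```javascript
// Heuristic audit for the dormant self-publishing pattern described in the text.
// Packages are given as { name, pkgJson, files } so the scan runs offline;
// SAMPLE_PACKAGES below is CONSTRUCTED test data, not real registry content.
const DORMANT_NAMES = /^(auto|publishScript)\.js$/i;   // file names cited in the reports
const PUBLISH_CALL  = /npm\s+publish/;                 // the script's publish step
const PRIVATE_FIELD = /["']private["']/;               // it edits "private" in package.json

// Direct indicators. None of these are preinstall/postinstall hooks, which is
// exactly why a scanner limited to install-time scripts does not see them.
function directIndicators(pkg) {
  const hits = [];
  for (const [file, src] of Object.entries(pkg.files)) {
    if (DORMANT_NAMES.test(file)) hits.push(`dormant script ${file}`);
    if (file.endsWith('.js') && PUBLISH_CALL.test(src) && PRIVATE_FIELD.test(src))
      hits.push(`${file} touches "private" and calls npm publish`);
    if (file === 'tea.yaml') hits.push('tea.yaml present (TEA reward manifest)');
  }
  return hits;
}

// Flag packages with direct indicators, then keep flagging packages whose
// dependencies point at flagged ones (the dependency-tree inflation the reports
// describe). Returns Map<packageName, reasons[]>.
function auditPackages(packages) {
  const report = new Map();
  for (const p of packages) {
    const hits = directIndicators(p);
    if (hits.length) report.set(p.name, hits);
  }
  for (let changed = true; changed; ) {
    changed = false;
    for (const p of packages) {
      if (report.has(p.name)) continue;
      const bad = Object.keys(p.pkgJson.dependencies || {}).filter((d) => report.has(d));
      if (bad.length) { report.set(p.name, [`depends on flagged: ${bad.join(', ')}`]); changed = true; }
    }
  }
  return report;
}

// Constructed sample: two spam-style packages, a package that pulls one in, one clean package.
const SAMPLE_PACKAGES = [
  { name: 'spam-pkg-a', pkgJson: { dependencies: { 'spam-pkg-b': '1.0.0' } },
    files: { 'auto.js': '// deletes "private": true from package.json, then loops npm publish',
             'tea.yaml': 'version: 1\n' } },
  { name: 'spam-pkg-b', pkgJson: {}, files: { 'publishScript.js': '// placeholder body' } },
  { name: 'pulls-in-spam', pkgJson: { dependencies: { 'spam-pkg-a': '^1' } },
    files: { 'index.js': 'module.exports = (s) => s.trim();' } },
  { name: 'clean-lib', pkgJson: { dependencies: { lodash: '^4' } }, files: { 'index.js': 'module.exports = 42;' } },
];

for (const [name, reasons] of auditPackages(SAMPLE_PACKAGES)) console.log(name, reasons);
```

In practice the `files` map would be filled by reading each directory under node_modules; the name regex is intentionally narrow and should be paired with the tea.yaml and publish-loop checks rather than used alone.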

Investigators said it is not clear who is behind the campaign; code and infrastructure indicators may point to operators working from Indonesia, but attribution remains unconfirmed. The campaign’s apparent focus has been to flood the ecosystem rather than to exfiltrate data or directly compromise developer machines.

A GitHub spokesperson said the company has removed the packages in question from npm and that it disables malicious packages that violate GitHub’s Acceptable Use Policies. The spokesperson also said the company uses a combination of manual review and automated detection to mitigate abuse and encourages community reporting.