Cybersecurity researchers have uncovered a large-scale spam campaign called IndonesianFoods that is flooding the npm registry with over 67,000 fake packages designed to overwhelm the ecosystem. The campaign uses a worm-like propagation mechanism that relies on manually executed scripts to sustain a continuous stream of spam uploads, potentially monetizing them through the TEA protocol. #IndonesianFoods #npmspam #TEAprotocol
Key points
- The campaign has published over 67,000 fake npm packages since early 2024.
- The packages use Indonesian names and mimic Next.js projects to appear legitimate.
- The malicious scripts require manual execution, avoiding automatic detection.
- The campaign’s worm-like structure creates a self-replicating network of dependencies.
- Security scanners currently fail to detect these packages due to their dormant, non-executing nature.
Read More: https://thehackernews.com/2025/11/over-46000-fake-npm-packages-flood.html
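The key points above describe two traits a defender can look for without executing anything: packages from one publisher that depend on each other in a closed loop (the self-replicating dependency network), and scripts that are present but not wired to any install-time lifecycle hook (dormant until run by hand). The following is an added triage heuristic, not code from the article or from any scanner; the manifests, package names and publisher account are constructed, and the cluster/dormancy rules are assumptions about what such a campaign looks like in package.json data, not a verdict on any real package.

```python
"""Heuristic triage for worm-like npm spam clusters (added example).

Given a set of package.json-style manifests, this finds groups of packages
that form a closed dependency loop and are all published by one account,
and flags manifests whose scripts never run at install time. Both are
signals for analyst review, not proof of abuse.
"""

# Constructed sample manifests: names, versions and the publisher are made up.
SAMPLE_MANIFESTS = [
    {"name": "nasi-goreng-app", "author": "spam-acct",
     "dependencies": {"sate-ayam-app": "^1.0.0", "next": "14.0.0"},
     "scripts": {"publish-loop": "node loop.js"}},
    {"name": "sate-ayam-app", "author": "spam-acct",
     "dependencies": {"rendang-app": "^1.0.0", "next": "14.0.0"},
     "scripts": {"publish-loop": "node loop.js"}},
    {"name": "rendang-app", "author": "spam-acct",
     "dependencies": {"nasi-goreng-app": "^1.0.0", "next": "14.0.0"},
     "scripts": {"publish-loop": "node loop.js"}},
    {"name": "next", "author": "vercel", "dependencies": {},
     "scripts": {"build": "node build.js"}},
    {"name": "tiny-util", "author": "someone", "dependencies": {},
     "scripts": {"postinstall": "node setup.js"}},
]

# npm lifecycle scripts that run without the user invoking them explicitly.
LIFECYCLE_HOOKS = {"preinstall", "install", "postinstall", "prepare",
                   "prepublish", "prepublishOnly", "prepack", "postpack"}


def build_graph(manifests):
    """Directed graph name -> [dependency names], restricted to the given set."""
    known = {m["name"] for m in manifests}
    return {m["name"]: [d for d in m.get("dependencies", {}) if d in known]
            for m in manifests}


def strongly_connected_components(graph):
    """Tarjan's SCC algorithm; each SCC is a list of package names."""
    index, low, on_stack, stack, result = {}, {}, set(), [], []
    counter = [0]

    def visit(node):
        index[node] = low[node] = counter[0]
        counter[0] += 1
        stack.append(node)
        on_stack.add(node)
        for nxt in graph.get(node, ()):
            if nxt not in index:
                visit(nxt)
                low[node] = min(low[node], low[nxt])
            elif nxt in on_stack:
                low[node] = min(low[node], index[nxt])
        if low[node] == index[node]:
            comp = []
            while True:
                w = stack.pop()
                on_stack.discard(w)
                comp.append(w)
                if w == node:
                    break
            result.append(comp)

    for node in graph:
        if node not in index:
            visit(node)
    return result


def find_spam_clusters(manifests, min_size=2):
    """Return sorted dependency loops whose members all share one publisher."""
    author_of = {m["name"]: m.get("author") for m in manifests}
    clusters = []
    for comp in strongly_connected_components(build_graph(manifests)):
        if len(comp) >= min_size and len({author_of[n] for n in comp}) == 1:
            clusters.append(sorted(comp))
    return sorted(clusters)


def has_only_dormant_scripts(manifest):
    """True when scripts exist but none would run automatically on install."""
    scripts = manifest.get("scripts") or {}
    return bool(scripts) and not (set(scripts) & LIFECYCLE_HOOKS)


def triage(manifests):
    """Summarise both signals for analyst review."""
    return {
        "same_publisher_loops": find_spam_clusters(manifests),
        "dormant_script_packages": sorted(
            m["name"] for m in manifests if has_only_dormant_scripts(m)),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFESTS))
```

Run against a real corpus, `build_graph` would be fed manifests pulled from the registry or a lockfile; the loop check is cheap and, unlike a malware scanner, does not need any package code to execute. Treat a hit as a queue item for review rather than a block decision, since legitimate monorepos can also publish mutually dependent packages under one account.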