Massive npm Spam Attack Exploits Worm-Like Propagation, Threatens Developer Ecosystem
November 13, 2025
The IndonesianFoods campaign deploys a worm-like propagation method where each fake npm package contains a JavaScript file that users must run manually (for example, node auto.js), triggering an infinite loop that continually creates and publishes new fake packages every 7 to 10 seconds.
GitHub has removed the malicious packages in line with its policies and is prioritizing detections and takedowns, while researchers warn that registry abuse and polluted search results threaten developers and the broader ecosystem.
Operators appear to monetize through the Tea protocol, with TEA tokens and a tea.yaml listing TEA accounts, indicating a reward-based incentive behind the flood rather than traditional data theft or malware execution.
Experts from Endor Labs, SourceCodeRED, and Sonatype describe the campaign as a highly scalable, worm-like self-publishing attack that demonstrates how the open npm ecosystem can be weaponized at scale.
Security researchers caution that current scanners can miss dormant payloads because execution requires user action, creating a blind spot in automated detection and underscoring the need for broader signal analysis.
The attack relies on a self-replicating dependency graph in which packages reference each other as dependencies, driving a rolling flood of downloads and heightened registry resource usage.
A large-scale, financially motivated spam push has flooded npm with tens of thousands of fake packages since early 2024, with estimates reaching up to about 46,000 packages.
The fake packages pose as Next.js projects and are published from a small network of more than a dozen npm accounts, suggesting sustained, coordinated activity over more than two years.
Two variants have been identified: one using Indonesian names and food terms (IndonesianFoods) and another using random English words, both requiring manual execution to evade automatic detection during installation.
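The signals the summary describes (a single publisher pushing packages every few seconds, packages that depend on one another to form a self-referential graph, and a tea.yaml in the tarball) can be turned into a registry-side triage heuristic. The code below is an added defender-side example, not code from the article or from The Hacker News; the PackageMeta fields, the burst threshold (15 seconds, chosen to comfortably cover the reported 7 to 10 second cadence) and the sample package names are all constructed for illustration.

```python
"""Flag npm publisher bursts that look like the self-publishing spam pattern
described above: rapid-fire publishes, packages depending on each other, tea.yaml.
Added example; field names, thresholds and sample data are assumptions."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass
class PackageMeta:
    """Minimal view of a published package (assumed shape, not npm's own API)."""
    name: str
    publisher: str
    published: datetime
    dependencies: List[str] = field(default_factory=list)
    files: List[str] = field(default_factory=list)


def bursts_by_publisher(pkgs: List[PackageMeta], max_gap_s: float) -> Dict[str, List[List[PackageMeta]]]:
    """Split each publisher's packages into runs where consecutive publish
    timestamps are at most max_gap_s apart."""
    by_pub: Dict[str, List[PackageMeta]] = {}
    for p in pkgs:
        by_pub.setdefault(p.publisher, []).append(p)
    runs_by_pub: Dict[str, List[List[PackageMeta]]] = {}
    for pub, plist in by_pub.items():
        plist.sort(key=lambda p: p.published)
        runs = [[plist[0]]]
        for prev, cur in zip(plist, plist[1:]):
            if (cur.published - prev.published).total_seconds() <= max_gap_s:
                runs[-1].append(cur)
            else:
                runs.append([cur])
        runs_by_pub[pub] = runs
    return runs_by_pub


def find_spam_clusters(pkgs: List[PackageMeta], max_gap_s: float = 15.0, min_size: int = 3) -> List[dict]:
    """Return bursts of at least min_size packages, annotated with whether the
    packages reference each other (self-replicating dependency graph) and
    whether any of them ship a tea.yaml."""
    clusters = []
    for pub, runs in bursts_by_publisher(pkgs, max_gap_s).items():
        for run in runs:
            if len(run) < min_size:
                continue
            names = {p.name for p in run}
            # Count dependency edges that stay inside the burst itself.
            internal_edges = sum(1 for p in run for d in p.dependencies if d in names)
            clusters.append({
                "publisher": pub,
                "packages": sorted(names),
                # A chain or denser graph linking the burst's own packages.
                "interdependent": internal_edges >= len(run) - 1,
                "tea_yaml": any("tea.yaml" in p.files for p in run),
            })
    return clusters


# Constructed sample data: one publisher pushing five linked packages 8 s apart,
# and one ordinary publisher with two unrelated releases days apart.
T0 = datetime(2025, 11, 1, 12, 0, 0)
SAMPLE: List[PackageMeta] = [
    PackageMeta(
        name=f"sample-spam-{i}",
        publisher="spam-account-a",
        published=T0 + timedelta(seconds=8 * i),
        dependencies=[f"sample-spam-{i - 1}"] if i else [],
        files=["package.json", "auto.js", "tea.yaml"],
    )
    for i in range(5)
] + [
    PackageMeta("my-lib", "legit-dev", T0 + timedelta(days=3), files=["package.json", "index.js"]),
    PackageMeta("my-lib-utils", "legit-dev", T0 + timedelta(days=10), files=["package.json", "index.js"]),
]

if __name__ == "__main__":
    for cluster in find_spam_clusters(SAMPLE):
        print(cluster)
```

Run on the constructed sample, the spam publisher's five-package burst is reported as interdependent and carrying tea.yaml, while the legitimate publisher's two releases never form a burst and are not reported. The burst threshold is the knob to tune: raising it catches slower floods at the cost of more false positives from busy monorepo publishers, which is why the dependency-graph and tea.yaml checks are reported alongside it rather than folded into a single score.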
Summary based on 1 source
Source

The Hacker News • Nov 13, 2025
Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack