Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort. "The packages were systematically published over an extended period, flooding the npm registry with junk packages that survived in the ecosystem for almost two years," Endor Labs
# Incident Report: npm Registry Worm-Like Spam Campaign (IndonesianFoods)
## Executive Summary
Since early 2024, threat actors have executed a massive, financially motivated spam campaign targeting the npm registry, resulting in the publication of nearly 47,000 fake packages. The attack utilized a unique, dormant, worm-like mechanism designed to evade automated security scanning by requiring manual command execution (`node auto.js`). The primary impact is the severe pollution of the software supply chain ecosystem, creating high supply chain risk for developers.
## Incident Details
- Discovery Date: April 2024 (Initial flagging by Phylum and Sonatype), publicly reported November 13, 2025.
- Incident Date: Campaign active since early 2024 (active for almost two years prior to reporting).
- Affected Organization: npm Registry / Global Software Development Ecosystem.
- Sector: Software Development / Open Source Supply Chain.
- Geography: Global (Targeting the npm public registry).
## Timeline of Events
### Initial Access
- Date/Time: Early 2024.
- Vector: Publication of packages to the npm registry.
- Details: Attackers used a small network of over a dozen npm accounts to publish packages systematically, sustaining the effort for almost two years.
### Lateral Movement
*Data suggests internal propagation within the registry environment via automated package creation, rather than movement across traditional corporate networks.*
- **Worm Mechanism Activation:** The malicious code is dormant within a JavaScript file (e.g., "auto.js") and requires a user to manually execute it via `node auto.js`.
- **Replication Cycle:** Upon manual execution, the script enters an infinite loop where it removes the `publish` setting from `package.json`, generates a random package name and version, and executes `npm publish`, repeating every 7-10 seconds.
### Data Exfiltration/Impact
- **Goal:** Overwhelming the npm registry with junk packages (up to 17,000 per day), polluting search results, wasting infrastructure resources, and creating generalized supply chain risk. (Specific data theft was not the primary reported goal).
### Detection & Response
- **Detection:** Initially flagged by Phylum and Sonatype in April 2024. Public reporting occurred in November 2025 via Endor Labs.
- **Response actions taken:** Detection and reporting by third-party security researchers; public disclosure aimed at mitigating ecosystem risk. (Specific registry removals were not detailed in the provided text).
## Attack Methodology
- **Initial Access:** Publishing thousands of packages under distinct, patterned names (Indonesian names/food terms) masquerading as Next.js projects. Attackers used over a dozen dedicated npm accounts.
- **Persistence:** The worm payload resides in a JavaScript file bundled within the package, remaining dormant until manually executed.
- **Privilege Escalation:** Not applicable in the traditional sense; the only privilege required was the ability to publish packages to the public npm registry.
- **Defense Evasion:** The payload is dormant and requires manual execution (`node auto.js`) instead of using autorun hooks (like `postinstall`), significantly reducing detection rates by automated security scanners and sandboxing systems.
- **Credential Access:** Not explicitly mentioned as a primary goal.
- **Discovery:** Each worm iteration generates a fresh package name and version, effectively probing the registry's naming and versioning rules; this is the closest analogue to a discovery/enumeration step.
- **Lateral Movement:** Worm-like propagation through the registry via automated publication driven by manual initial activation.
- **Collection:** Not the primary focus, although the self-publishing mechanism could be repurposed to deliver other malicious payloads.
- **Exfiltration:** N/A (Primary goal was registry flooding).
- **Impact:** Ecosystem pollution, wasted developer and organization resources, increased supply chain risk exposure.
## Impact Assessment
- **Financial:** Wasted infrastructure resources for the registry and potentially wasted development time for organizations investigating the spam packages. (Specific costs unavailable).
- **Data Breach:** No direct data breach identified; the impact is primarily ecosystem integrity compromise.
- **Operational:** Increased noise and risk within the supply chain, forcing developers to exercise much higher scrutiny when installing packages.
- **Reputational:** Erosion of trust in the cleanliness and security of the npm public registry.
## Indicators of Compromise
- **Network indicators:** N/A (Direct registry publishing activity).
- **File indicators:** Presence of "auto.js" or "publishScript.js" file within npm packages.
- **Behavioral indicators:** Package names following patterns related to Indonesian names and food terms. Manual execution of `node auto.js` against an npm package directory. Publishing rate spikes yielding 12+ packages per minute.
## Response Actions
- **Containment measures:** Unknown/Not detailed, but would involve identification and removal (unpublishing) of the nearly 47,000 malicious packages.
- **Eradication steps:** Removing the attacker-controlled npm accounts used for publishing.
- **Recovery actions:** Communicating the scope of the pollution to developers and encouraging dependency scanning.
## Lessons Learned
- **Sustained, Low-and-Slow Attacks:** Campaigns can be sustained for years even if the initial observable impact is low (dormancy).
- **Evasion via Manual Execution:** Threat actors can effectively evade automated security controls by designing payloads to require non-standard, manual execution steps.
- **Ecosystem Pollution:** Polluting an ecosystem (wasting registry infrastructure and eroding developer trust) can itself be a viable, financially motivated goal, even without traditional data theft.
## Recommendations
- **Enhanced Registry Auditing:** npm must implement advanced, continuous monitoring to detect high-volume, systematic publishing activity originating from small clusters of accounts, including publishing cadences that match the worm's infinite loop.
- **Mandatory Security Hooks:** Investigate stricter policies for package scripts, perhaps requiring explicit whitelisting or additional checks both for standard lifecycle hooks that run immediately after installation and for bundled scripts intended to be run manually outside those hooks.
- **Supply Chain Hardening:** Developers should rigorously vet packages, especially those with low download counts or strange naming conventions, and rely on dependency analysis tools for pre-install scanning.
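The behavioral and file indicators listed under Indicators of Compromise, and the registry-side rate monitoring recommended above, can be expressed as a single batch check. The following is an added example written for this report, not code from Endor Labs, npm or the campaign itself; the event record fields (`publisher`, `name`, `publishedAt`, `files`) and the sample events are constructed assumptions.

```javascript
// Added example: scores npm publish events against the report's indicators.
// Record shape {publisher, name, publishedAt, files} is an assumption.
const FILE_INDICATORS = new Set(["auto.js", "publishScript.js"]);
const RATE_THRESHOLD_PER_MINUTE = 12;   // "12+ packages per minute" from the report
const WINDOW_MS = 60 * 1000;

// Returns package names bundling an indicator file, and publishers whose
// events reach RATE_THRESHOLD_PER_MINUTE inside any 60-second sliding window.
function scanPublishEvents(events) {
  const byPublisher = new Map();
  const fileHits = [];
  for (const ev of events) {
    if (ev.files.some((f) => FILE_INDICATORS.has(f))) fileHits.push(ev.name);
    if (!byPublisher.has(ev.publisher)) byPublisher.set(ev.publisher, []);
    byPublisher.get(ev.publisher).push(Date.parse(ev.publishedAt));
  }
  const rateHits = [];
  for (const [publisher, times] of byPublisher) {
    times.sort((a, b) => a - b);
    let start = 0;                        // left edge of the sliding window
    for (let end = 0; end < times.length; end++) {
      while (times[end] - times[start] >= WINDOW_MS) start++;
      if (end - start + 1 >= RATE_THRESHOLD_PER_MINUTE) {
        rateHits.push(publisher);         // flag each publisher at most once
        break;
      }
    }
  }
  return { fileHits, rateHits };
}

// Constructed sample input: one account publishing 14 packages 4 s apart
// (a burst well above 12 per minute), one of them bundling auto.js, plus
// two ordinary releases hours apart from an unrelated maintainer.
function constructedEvents() {
  const base = Date.parse("2024-04-01T10:00:00Z");
  const events = [];
  for (let i = 0; i < 14; i++) {
    events.push({
      publisher: "spam-account-01",
      name: `example-pkg-${i}`,
      publishedAt: new Date(base + i * 4000).toISOString(),
      files: i === 0 ? ["package.json", "auto.js"] : ["package.json", "index.js"],
    });
  }
  for (const t of ["2024-04-01T09:00:00Z", "2024-04-01T15:00:00Z"]) {
    events.push({ publisher: "maintainer-a", name: "legit-lib",
                  publishedAt: t, files: ["package.json", "index.js"] });
  }
  return events;
}
```

Running `scanPublishEvents(constructedEvents())` flags `spam-account-01` on rate and `example-pkg-0` on the file indicator, while `maintainer-a` stays clean. Name-pattern matching (Indonesian names and food terms) is omitted because the report supplies no word list.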