A large-scale attack is flooding the npm open source registry with thousands of fake packages. The goal? To steal tokens from developers using the Tea Protocol, a blockchain-based reward system for open source work. This campaign has grown rapidly, with researchers at Amazon estimating over 150,000 infected packages. Sonatype, a software supply chain company, confirms the number has now reached around 153,000.

This isn’t just about stealing tokens—other hackers are watching closely. They could use similar methods to inject malware or hijack projects. When Sonatype first reported on this a year ago, there were just 15,000 suspicious packages from a single person. Now, the scale is massive, making it one of the biggest package flooding events ever seen in open source.

Understanding the Tea Protocol and the Attack Method

The Tea Protocol is designed to reward open source developers with tokens called Tea, which are linked to a blockchain. Developers embed code that connects their apps to the blockchain, and the more downloads their apps get, the more Tea tokens they earn. These tokens are supposed to have real value once the platform’s Mainnet launches, allowing for actual trading.

However, the current attack is a scam. Bad actors upload fake packages that appear popular, tricking the system into awarding them tokens. Although these tokens are worthless now, the hackers are positioning themselves to profit once the tokens gain monetary value. They hope to cash out on the mainnet, turning stolen tokens into real cryptocurrency.

Why This Is a Growing Concern for Open Source Security

The campaign highlights a bigger problem: open source repositories are increasingly vulnerable to attacks. Cybersecurity experts warn that such malware infestations could undermine trust in critical platforms like npm and PyPI. Dmitry Raidman, CTO of Cybeats, points out that these attacks are spiraling out of control, with malicious code spreading rapidly and exploiting developer tokens to hijack packages and spread malware.

Raidman cites the Shai-Hulud worm’s quick takeover of npm as a stark example. Within hours, attackers pushed malicious versions of packages that stole SSH keys, tokens, and cryptocurrencies. These attacks can spread fast and cause widespread damage before defenders can respond. Just last September, Raidman reported on malicious versions of the Nx build system, which led to global developers unknowingly pulling in harmful code.

This is just the start, Raidman warns. Unless open source maintainers and developers tighten security, these threats will only get worse. The goal is to prevent bad actors from hijacking the supply chain, which could have serious consequences for both open source and commercial projects.

Steps to Protect Open Source Projects and Repositories

Experts recommend several practical steps. First, repositories should limit who can upload code, using multi-factor authentication to prevent stolen credentials. Digital signing of uploaded packages can also verify the author’s identity. Developers should always require a software bill of materials (SBOM), so security teams can see all components in an app.

It’s also important to ensure only approved versions of open source code are used—automatic updates can introduce risks. Security tools that detect and block malicious downloads are crucial because traditional antivirus software often isn’t enough. These tools can monitor for suspicious activity, such as rapid publishing or cloned code, which often signals automated abuse.

Researchers from Amazon suggest deploying advanced detection systems that look for malicious patterns. Monitoring the speed of package publishing, verifying author identities more strictly, and flagging packages from accounts linked to malicious activity can help catch the bad guys early. Implementing “guilt by association,” where suspicious packages or accounts get extra scrutiny, is also recommended.

For organizations, protecting developer devices and automated pipelines is vital. Malware can hide in code or be introduced through compromised developer laptops or CI/CD tools. Traditional security measures like endpoint detection and response (EDR) tools might not catch malicious packages.

Some security experts have developed open source tools to help. For example, a project called opensourcemalware.com maintains a database of malicious packages, which can be checked before using a package. Another tool, MALOSS, automatically scans repositories and CI/CD pipelines for malicious content. These solutions give organizations more control and visibility.

Ultimately, the rise of these supply chain attacks shows that the open source community needs stronger security practices. While many tools and strategies exist, awareness and proactive measures are key to preventing future breaches. As hackers get more sophisticated, so must the defenses to keep open source safe and trustworthy.

Inspired by

• https://www.infoworld.com/article/4090561/worm-flooding-npm-registry-with-token-stealers-still-isnt-under-control.html

Sources

• gmpg.org
• sonatype.com
• sonatype.com
• csoonline.com
• cisa.gov