Calling it a "defining moment" in supply chain security, Amazon Inspector researchers on Nov. 13 posted that they identified more than 150,000 malicious packages linked to a coordinated tea.xyz token farming campaign in the npm registry.
The researchers said that, as part of the campaign, the threat actors automatically generated and published packages to fraudulently earn cryptocurrency rewards without user awareness.
Malicious campaigns like this tea.xyz attack flood open-source registries with non-functional code to exploit the reward mechanisms of projects designed to incentivize developers.
Amazon’s researchers said it’s one of the largest package-flooding incidents in open-source registry history, far surpassing the initial 15,000 packages reported by Sonatype researchers in April 2024.
“The tea.xyz campaign exemplifies a new category of abuse in which the goal is to take advantage of automation, incentives, and trust rather than spread malware,” explained Randolph Barr, chief information security officer at Cequence Security. “By overloading the registry with self-replicating trash, these packages were abusing a reward system rather than stealing credentials. By contaminating the ecosystem, increasing the risk of dependency confusion, and undermining confidence in the open-source supply chain, it still hurts developers.”
Manoj Nair, chief innovation officer at Snyk, added that Amazon’s findings are a reminder that AI-style automation makes it trivial to publish hundreds of thousands of junk or risky packages at scale. Nair said developers should rely on automated dependency-health guards and behavior-based scanning, not manual review.
“Developers should flag low-download packages, template-reused content, and sudden mass-publishing events before they enter the build,” said Nair. “And registry operators must evolve too — proactively detecting bulk uploads, hash-reused templates, and metadata-health anomalies so these campaigns are stopped at the source.”
Michael Bell, chief executive officer at Suzu, said Amazon's detection of 150,000 malicious npm packages in a self-replicating token farming campaign shows why attacking the development pipeline is more efficient than targeting production systems: compromise one widely-used package and an attacker can inherit access to every downstream application that depends on it.
“The shift-left trend means defenders need to treat their build pipelines and dependency chains with the same rigor as production infrastructure, implementing automated dependency scanning, maintaining accurate software bills of materials, and using lockfiles to pin dependencies to verified versions rather than accepting automatic updates blindly,” said Bell. “Teams need to validate package authenticity before installation, not after deployment, because by the time malicious code reaches production, you're not preventing an attack, you're responding to a breach.”
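The signals Nair and Bell describe, as an added illustration that is not from the article or from any of the quoted companies' tools: a small Node.js screen over constructed package metadata that flags low-download packages, template-reused content (a content hash with the package's own name blanked out, shared across several packages) and per-publisher publishing bursts. The package records, field names and thresholds are assumptions chosen for the example.

```javascript
// Constructed sample metadata (not real registry data); fields mimic what a
// registry or dependency-health tool would have for each published package.
const SAMPLE_PACKAGES = [
  { name: "tea-farm-a1", publisher: "farmer", publishedAt: "2025-11-01T10:00:00Z", weeklyDownloads: 2, index: "module.exports = { name: 'tea-farm-a1' };" },
  { name: "tea-farm-a2", publisher: "farmer", publishedAt: "2025-11-01T10:00:30Z", weeklyDownloads: 1, index: "module.exports = { name: 'tea-farm-a2' };" },
  { name: "tea-farm-a3", publisher: "farmer", publishedAt: "2025-11-01T10:01:00Z", weeklyDownloads: 0, index: "module.exports = { name: 'tea-farm-a3' };" },
  { name: "left-pad-ish", publisher: "maintainer", publishedAt: "2025-10-20T08:00:00Z", weeklyDownloads: 40000, index: "module.exports = (s, n) => s.padStart(n);" },
];
// Assumed thresholds; a real deployment would tune these against its own baseline.
const THRESHOLDS = { minWeeklyDownloads: 10, templateReuse: 3, burstCount: 3, burstWindowMs: 5 * 60 * 1000 };

// FNV-1a 32-bit hash, inlined so the example needs no imports.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) h = Math.imul(h ^ str.charCodeAt(i), 0x01000193) >>> 0;
  return h.toString(16).padStart(8, "0");
}
// Hash the package body with its own name blanked out, so generated packages
// that differ only by name collapse to one template hash.
function templateHash(pkg) {
  return fnv1a(pkg.index.split(pkg.name).join("<NAME>"));
}

function flagSuspiciousPackages(packages, t = THRESHOLDS) {
  const byTemplate = new Map();
  for (const p of packages) byTemplate.set(templateHash(p), (byTemplate.get(templateHash(p)) || 0) + 1);
  const flags = {};
  const add = (name, reason) => { (flags[name] = flags[name] || new Set()).add(reason); };
  for (const p of packages) {
    if (p.weeklyDownloads < t.minWeeklyDownloads) add(p.name, "low-downloads");
    if (byTemplate.get(templateHash(p)) >= t.templateReuse) add(p.name, "template-reuse");
  }
  // Mass-publishing: per publisher, sort by time and flag every package in any
  // window of burstWindowMs that holds burstCount or more publishes.
  const byPublisher = new Map();
  for (const p of packages) byPublisher.set(p.publisher, [...(byPublisher.get(p.publisher) || []), p]);
  for (const list of byPublisher.values()) {
    list.sort((a, b) => Date.parse(a.publishedAt) - Date.parse(b.publishedAt));
    for (let i = 0; i < list.length; i++) {
      let j = i;
      while (j + 1 < list.length && Date.parse(list[j + 1].publishedAt) - Date.parse(list[i].publishedAt) <= t.burstWindowMs) j++;
      if (j - i + 1 >= t.burstCount) for (let k = i; k <= j; k++) add(list[k].name, "publish-burst");
    }
  }
  // Return sorted reason lists so callers get a stable shape.
  return Object.fromEntries(Object.entries(flags).map(([n, s]) => [n, [...s].sort()]));
}
```

Run as a pre-install gate, a package that trips more than one of these reasons is a candidate for blocking or manual review rather than silent acceptance into the build.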