Worm flooding npm registry with token stealers still isn’t under control | CSO Online
A coordinated token-farming campaign continues to flood the npm registry with tens of thousands of infected packages daily, aiming to steal Tea tokens by inflating download numbers. This worm, dubbed IndonesianFoods, has grown significantly since its initial discovery, highlighting a major crisis in open-source supply chain security.