NPM Registry

News and updates related to security incidents and vulnerabilities affecting the Node Package Manager (NPM) registry.

IndonesianFoods-worm Floods NPM Registry

Nov 17, 2025

—

by

Lara De Jong

in Cyber News & Updates

A sophisticated self-replicating ‘IndonesianFoods-worm’ has flooded the npm registry with tens of thousands of malicious packages. This aggressive campaign, documented by SourceCodeRed and JFrog, poses a significant threat to the software supply chain.