Over the past six months more than 890,000 new packages (as opposed to updates for existing packages) were published on npm, of which between 613,000 and 667,000 – or around 70 percent – were Tea protocol spam, created in the hope of financial reward.
The npm registry of JavaScript packages, used constantly by JavaScript and TypeScript developers, is suffering from “an astonishing amount of spam packages,” according to security researchers at Phylum. Most of the spam is related to the Tea protocol, a recent project whose aim is to reward contributors to open source projects.
This is not the first time the Tea protocol, invented by Homebrew creator Max Howell in the hope of improving the open source business model, has caused problems. In March we reported on how popular GitHub repositories were receiving multiple meaningless pull requests from opportunists trying to cash in on Tea cryptocurrency tokens by posing as contributors.
The spam packages are not, in general, malicious, in the sense of installing malware. Nevertheless, “this pollution is a kind of malice, and there are several dangerous avenues that this could turn into,” the researchers say.
One issue is that the spam packages declare spam dependencies of their own, so a developer who installs one pulls in many more. Second, AI models may train on these packages and ingest garbage input. Third, Phylum claims, the sheer volume of junk creates noise in which genuinely malicious packages are less likely to be noticed.
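The first concern, that one spam package drags in a whole cluster of others, can be checked directly from a project's lock file. The following is an added example, not code from Phylum or from the article, that walks a package-lock.json (lockfileVersion 3 shape) and reports how many extra packages each direct dependency pulls in. The lock file contents and the package names in it are constructed for the example, and the walker assumes a flat, hoisted node_modules tree (nested node_modules paths for conflicting versions are not handled).

```python
import json
from collections import deque

# Constructed sample package-lock.json (lockfileVersion 3 layout); the package
# names are invented for this example and do not refer to real npm packages.
# "left-trim" is a normal leaf dependency; "filler-pkg-1" is a hypothetical
# spam package whose declared dependencies are more packages from the same cluster.
SAMPLE_LOCK = json.loads("""
{
  "name": "example-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"dependencies": {"left-trim": "1.0.0", "filler-pkg-1": "0.0.1"}},
    "node_modules/left-trim": {"version": "1.0.0"},
    "node_modules/filler-pkg-1": {"version": "0.0.1",
      "dependencies": {"filler-pkg-2": "0.0.1", "filler-pkg-3": "0.0.1"}},
    "node_modules/filler-pkg-2": {"version": "0.0.1",
      "dependencies": {"filler-pkg-4": "0.0.1"}},
    "node_modules/filler-pkg-3": {"version": "0.0.1",
      "dependencies": {"filler-pkg-4": "0.0.1", "filler-pkg-5": "0.0.1"}},
    "node_modules/filler-pkg-4": {"version": "0.0.1"},
    "node_modules/filler-pkg-5": {"version": "0.0.1",
      "dependencies": {"filler-pkg-2": "0.0.1"}}
  }
}
""")


def _deps_of(lock, name):
    """Names of the packages that `name` declares as dependencies (flat tree assumed)."""
    entry = lock["packages"].get(f"node_modules/{name}", {})
    return list(entry.get("dependencies", {}).keys())


def transitive_closure(lock, direct):
    """Return the set of packages reachable from one direct dependency, excluding itself.

    Breadth-first walk over the lock file; the `seen` set terminates the walk
    even when the graph has cycles (filler-pkg-5 -> filler-pkg-2 -> ... above).
    """
    seen = set()
    queue = deque(_deps_of(lock, direct))
    while queue:
        name = queue.popleft()
        if name in seen or name == direct:
            continue
        seen.add(name)
        queue.extend(_deps_of(lock, name))
    return seen


def fanout_report(lock):
    """Map each direct dependency of the root project to the number of extra
    packages it brings into node_modules."""
    root_deps = lock["packages"][""]["dependencies"]
    return {dep: len(transitive_closure(lock, dep)) for dep in root_deps}


if __name__ == "__main__":
    # Sort so the dependency with the largest fan-out is listed first.
    report = fanout_report(SAMPLE_LOCK)
    for dep, extra in sorted(report.items(), key=lambda kv: -kv[1]):
        print(f"{dep}: +{extra} transitive packages")
```

Run against a real lock file by replacing SAMPLE_LOCK with `json.load(open("package-lock.json"))`; a direct dependency whose fan-out is far out of proportion to what it does is worth a closer look before it is kept.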
In April this year, Maciej Mensfeld from the RubyGems team commented on a surge of Tea spam affecting the repository. Mensfeld described it as among “exploitation attempts that divert our resources and undermine trust and collaboration within our community.”
Developers hoping to receive tokens via the Tea project have to both register a project repository and publish to a package manager, accounting for the spam in GitHub and in npm or RubyGems. In February, the Tea project posted about steps taken to prevent misuse, including a verification process, but the continuing spam suggests these steps are not yet sufficient.
Although the researchers recognize the good intentions of the Tea protocol, they also maintain that it creates a perverse incentive: it rewards the wrong behavior.
The quantity of spam packages on npm also suggests that the GitHub-owned repository is not doing enough to clean out these submissions. “Why are these spam accounts not perma banned and removed … also, the whole reporting process is onerous, there is a large form,” observed one developer.
We have asked npm for comment.
Another question is whether legitimate developers will want to be associated with the Tea project, now that its name is linked to fake contributions and spam packages, and it has created extra work and risk for the very community it is trying to support.