Open Source: Tea protocol leads to "cobra effect" on package manager npm

The Tea protocol, which is intended to promote open source development, triggers a veritable flood of spam packages with transitive dependencies on npm.

A teapot pours out money instead of tea

(Image: generated with AI)

This article was originally published in German and has been automatically translated.

Phylum, a company specializing in software supply chain security, has discovered a flood of spam in the package manager npm over the past six months. More than two thirds of the new packages examined were spam.

The packages found are probably not packages with malicious code, but are used to collect money through the Tea protocol, an initiative that aims to reward developers who contribute to open source projects.

The father of the Tea Protocol is Max Howell, the brains behind the package manager Homebrew. His basic idea is to rank open source projects according to their distribution and usefulness and to reward those responsible for and involved in the project in the form of cryptocurrency.

A teaRank, which is based on Google's PageRank, evaluates the distribution and therefore the usefulness of the packages based on their dependencies. Apparently, the npm spammers exploit these calculations in the same way that the early search engine or SEO (Search Engine Optimization) spammers exploited the PageRank algorithm.

In initial investigations since February 2024, Phylum has noticed that there has been a steady increase in the number of new packages on npm. The number of new additions rose from around 1,500 per working day at the beginning of the year to a peak of 48,000 on April 8.

Many packages have names with wild, seemingly random combinations of letters. The numerous dependencies between the packages are striking: almost 100,000 packages, for example, depend on the random-job-selector package, which therefore rises in the teaRank evaluation.

Over 99,000 projects with largely random-looking names use the package.

(Image: Screenshot (Rainald Menge-Sonnentag))

The fact that random-job-selector itself has dependencies on random-drink-selector and random-religion-selector, among others, is at least original.

In order for the packages to be evaluated for the Tea protocol, they require the file tea.yaml, which is not found in all packages, but only in certain worthwhile packages "in the morass of transitive dependencies", as the Phylum blog post puts it.

According to Phylum, 890,000 completely new packages – no version updates – have appeared on npm since February 2024, of which the company has examined 900, i.e. a sample of about one per thousand. Around 70 percent of the packages examined were spam.
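To make the pattern described above concrete, here is an added Python example (not code from the article or from Phylum) that builds the direct-dependents graph from package metadata and flags hub packages whose dependents are mostly random-looking names, noting whether the hub ships a tea.yaml. The package data is constructed, and the name-randomness heuristic is an assumption of this example, not Phylum's method.

```python
from collections import defaultdict

VOWELS = set("aeiou")

# Constructed sample of npm-style metadata (not real registry data): package
# name, its declared dependencies and whether it ships a tea.yaml.
SAMPLE_PACKAGES = [
    {"name": "random-job-selector", "deps": ["random-drink-selector"], "tea": True},
    {"name": "random-drink-selector", "deps": [], "tea": True},
    {"name": "zxqvbkrtwp", "deps": ["random-job-selector"], "tea": False},
    {"name": "hjklmnbvcx", "deps": ["random-job-selector"], "tea": False},
    {"name": "qwrtpsdfgk", "deps": ["random-job-selector"], "tea": False},
    {"name": "express-logger", "deps": ["express"], "tea": False},
    {"name": "express", "deps": [], "tea": False},
]

def looks_random(name):
    """Cheap heuristic (an assumption of this example, not Phylum's method):
    a name without separators that has few vowels or a long consonant run."""
    core = name.split("/")[-1]  # drop an npm scope such as @org/
    if any(sep in core for sep in "-_."):
        return False
    letters = [c for c in core.lower() if c.isalpha()]
    if not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = run = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest_run = max(longest_run, run)
    return vowel_ratio < 0.25 or longest_run >= 4

def suspicious_hubs(packages, min_dependents=2, min_random_share=0.8):
    """Map each package to its direct dependents (the in-degree that a
    PageRank-style score rewards) and flag hubs whose dependents are mostly
    random-looking names. Returns {hub: (dependents, random_share, has_tea)}."""
    has_tea = {p["name"]: p["tea"] for p in packages}
    dependents = defaultdict(list)
    for pkg in packages:
        for dep in pkg["deps"]:
            dependents[dep].append(pkg["name"])
    flagged = {}
    for hub, users in dependents.items():
        if len(users) < min_dependents:
            continue
        share = sum(looks_random(u) for u in users) / len(users)
        if share >= min_random_share:
            flagged[hub] = (len(users), share, has_tea.get(hub, False))
    return flagged
```

On the constructed sample, only random-job-selector is flagged: three dependents, all random-looking, and it carries a tea.yaml, while express has too few dependents and its one dependent has an ordinary name.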

At least the conspicuous packages were used exclusively to collect cryptocurrency via the Tea protocol; Phylum did not find any malicious code. The often confusing package names also argue against malicious intent: unlike typosquatting or brandjacking packages, they are not designed for others to use them and thus integrate the malicious code into their projects. Brandjacking uses company names such as Twilio to simulate a legitimate source. In typosquatting, the packages with malicious code have names that resemble the names of popular packages. The method also plays with separators such as underscores and hyphens: my-package becomes my-package, mypackage or my_package. The attackers hope, with some justification, that someone will make a mistake.

The greatest damage therefore lies on the one hand with the operators of npm and on the other hand with open source developers who use the Tea protocol legitimately and receive a much smaller slice of the cake as a result of the spam.

The spam wave is therefore a kind of cobra effect for open source. Horst Siebert's book of the same name describes false incentives in the economy that have the opposite, negative consequences. The term goes back to the story that bounties on cobras did not lead to a smaller population of the snakes but to a larger one, as resourceful bounty hunters bred new cobras in order to collect more money. After the bounty was withdrawn, the breeders released the remaining cobras into the wild.

The wave of spam on npm is not the first negative effect of this kind. Early on, open source maintainers on GitHub were already reporting strange pull requests in their projects. With a flood of largely useless open source contributions, the question also arises, at least marginally, of what AI models trained on these projects learn from them.

For more details on the investigation of npm packages, see the blog post at Phylum.

(rme)