Oh look, the 'tea' get-paid-to-publish-open-source blockchain thing is vulnerable to the exact same basic attack that had already been spotted by everyone who's looking into developer compensation before (where distributing money based on package count incentivizes making spam packages) and now the npm search is completely useless because it's full of spam.

Like, guys, there's a *reason* many of us never went ahead with implementing this model for maintainer compensation. Because it DOESN'T FUCKING WORK, in ways that are extremely obvious if you'd thought about it for ten seconds.