Typosquatting
Definition
Typosquatting is a software supply chain attack in which an attacker publishes a malicious package under a name that closely resembles a popular legitimate one, counting on developers who mistype a name (for example `requets` instead of `requests`) or who confuse look-alike names (a dropped or doubled letter, a hyphen where the real package uses an underscore). Public registries such as PyPI and npm accept new package names from anyone, so the installer fetches and runs whatever package exists under the mistyped name, including any install-time hooks it ships.
Mitigations include maintaining an allowlist of approved package names and rejecting anything outside it, pinning exact versions and hashes in a lockfile so an install cannot silently resolve to a different package, and monitoring registries for newly published names that are within a small edit distance of your dependencies.
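The allowlist and similarity checks above can be combined into one audit of a requirements file. The following is an added example, not code from this page or from Crash Override: it normalizes names the way PyPI does (PEP 503), compares each requirement against a hypothetical allowlist, and flags names within one edit of an approved package using a Damerau-Levenshtein distance so that a transposition like `requets` counts as a single edit. The allowlist and the requirements text are constructed for the example.

```python
import re
from dataclasses import dataclass

# Hypothetical allowlist of approved dependency names (constructed for this example).
ALLOWLIST = {"requests", "urllib3", "cryptography", "pyyaml"}

# Constructed requirements file: one correct name, one typo, one unapproved name,
# and one approved name written with different casing.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
requets==2.31.0        # typo of requests
python-dateutil>=2.8
PyYAML
"""


@dataclass
class Finding:
    name: str        # name as written in the requirements file
    normalized: str  # PEP 503 normalized form
    verdict: str     # "allowlisted", "typosquat-candidate" or "not-allowlisted"
    nearest: str     # closest allowlisted name, if a candidate


def normalize(name: str) -> str:
    """PEP 503 normalization: case-insensitive, runs of '-', '_' and '.' become one '-'.
    'PyYAML' and 'pyyaml' are the same package on PyPI, so compare normalized forms."""
    return re.sub(r"[-_.]+", "-", name).lower()


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions, substitutions and
    swaps of adjacent characters each cost 1. 'requets' -> 'requests' is distance 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[len(a)][len(b)]


def audit_requirements(text: str, allowlist: set, max_distance: int = 1) -> list:
    """Classify every requirement line: approved, a near-miss of an approved name,
    or simply not on the allowlist. Option lines ('-r', '--index-url') and comments are skipped."""
    approved = {normalize(n) for n in allowlist}
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if not m:
            continue
        name = m.group(1)
        norm = normalize(name)
        if norm in approved:
            findings.append(Finding(name, norm, "allowlisted", norm))
            continue
        # Exact match failed: look for an approved name within max_distance edits.
        nearest, dist = min(((p, damerau_levenshtein(norm, p)) for p in approved), key=lambda t: t[1])
        if dist <= max_distance:
            findings.append(Finding(name, norm, "typosquat-candidate", nearest))
        else:
            findings.append(Finding(name, norm, "not-allowlisted", ""))
    return findings


if __name__ == "__main__":
    for f in audit_requirements(SAMPLE_REQUIREMENTS, ALLOWLIST):
        suffix = f" (near '{f.nearest}')" if f.verdict == "typosquat-candidate" else ""
        print(f"{f.name:20} {f.verdict}{suffix}")
```

Run this in CI against the committed requirements or lockfile and fail the build on any `typosquat-candidate` finding; a `not-allowlisted` finding is a prompt to review and either extend the allowlist or reject the dependency. The same `damerau_levenshtein` check applied to a feed of newly registered package names, with your allowlist as the comparison set, implements the monitoring mitigation described above.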