Typosquatting
Typosquatting is the publishing of malicious packages on public registries under names similar to popular packages (e.g., “lodas” instead of “lodash”). Developers who mistype a package name or are inattentive during installation may inadvertently install the malicious code.