Safeguard
Tag

typosquatting

Safeguard articles tagged "typosquatting" — guides, analysis, and best practices for software supply chain and application security.

62 articles

AI Security

The Cursor extension that cost a developer $500,000

A fake Solidity extension on Open VSX was downloaded 50,000+ times, dropped an infostealer, and drained $500K in crypto — how the marketplace trust model failed.

Jul 16, 20266 min read
Supply Chain Security

Do Not Pass GO: Malicious Golang Package Alert

A typosquat of boltdb/bolt stayed cached on Go's module proxy for roughly three years after its source repo was cleaned up — proxy caching beats takedowns.

Jul 16, 20266 min read
Supply Chain Attacks

npm package aliasing: the dependency confusion attack surface most teams never scan

npm's alias@npm:target syntax lets an attacker capture a name that doesn't even exist yet on the registry — widening dependency confusion past simple squatting.

Jul 16, 20266 min read
Supply Chain Security

npm supply-chain attacks: typosquatting, dependency confusion, and postinstall malware

event-stream hid a wallet-stealing payload behind 8M downloads in 2018. Here's how typosquatting and dependency confusion actually work, and how to stop them.

Jul 15, 20266 min read
Supply Chain Attacks

Anatomy of a malicious npm package attack

One phished maintainer, 18 packages, and billions of weekly downloads — how npm/PyPI supply chain attacks actually unfold, and the signals that expose them.

Jul 14, 20266 min read
Supply Chain Attacks

Typosquatting and dependency confusion: a defense guide

In 2021 one researcher got code execution inside 35+ companies for $130,000+ in bounties — without exploiting a single vulnerability. Here's how to close the gap.

Jul 14, 20266 min read
Supply Chain Attacks

The anatomy of a PyPI credential stealer

In a single 24-hour window in 2022, one actor shipped 12 malicious PyPI packages bundling Windows stealers that harvested browser, Discord, and Roblox credentials.

Jul 11, 20267 min read
Supply Chain Security

Anatomy of a Malicious Go Package Typosquat

A Go typosquat backdoored since 2021 stayed live for over three years because Go's module proxy caches code immutably — even after the attacker cleaned the repo.

Jul 10, 20266 min read
Supply Chain Attacks

Inside the npm Reward-Farming Worm That Published 89,000+ Packages

One npm publishing bot exploited a crypto reward protocol to spam 89,000+ packages, some appearing every 7-10 seconds. Here's how it worked and how to spot it.

Jul 9, 20267 min read
Supply Chain Security

Dependency confusion and npm supply-chain hardening

One researcher earned over $130,000 exploiting name collisions between public and private registries at 35 companies — here's how lockfiles and scoping stop it.

Jul 8, 20267 min read
Supply Chain Security

How Attackers Clone GitHub Repos to Ship Malware

One threat actor ran 3,000+ fake GitHub accounts and 2,200+ cloned repos to infect over 1,300 victims in four days. Here's how to spot the fakes.

Jul 8, 20267 min read
Supply Chain Attacks

The string-width-cjs npm packages: a supply chain warm-up, not a breach

One of three empty npm packages aliasing real libraries reached 500+ dependents and 7,274 weekly downloads — with no malicious code found at all.

Jul 8, 20265 min read
typosquatting — Safeguard Blog