typosquatting
Safeguard articles tagged "typosquatting" — guides, analysis, and best practices for software supply chain and application security.
62 articles
The Cursor extension that cost a developer $500,000
A fake Solidity extension on Open VSX was downloaded 50,000+ times, dropped an infostealer, and drained $500K in crypto — how the marketplace trust model failed.
Do Not Pass GO: Malicious Golang Package Alert
A typosquat of boltdb/bolt stayed cached on Go's module proxy for roughly three years after its source repo was cleaned up — proxy caching beats takedowns.
npm package aliasing: the dependency confusion attack surface most teams never scan
npm's alias@npm:target syntax lets an attacker capture a name that doesn't even exist yet on the registry — widening dependency confusion past simple squatting.
npm supply-chain attacks: typosquatting, dependency confusion, and postinstall malware
event-stream hid a wallet-stealing payload behind 8M downloads in 2018. Here's how typosquatting and dependency confusion actually work, and how to stop them.
Anatomy of a malicious npm package attack
One phished maintainer, 18 packages, and billions of weekly downloads — how npm/PyPI supply chain attacks actually unfold, and the signals that expose them.
Typosquatting and dependency confusion: a defense guide
In 2021 one researcher got code execution inside 35+ companies for $130,000+ in bounties — without exploiting a single vulnerability. Here's how to close the gap.
The anatomy of a PyPI credential stealer
In a single 24-hour window in 2022, one actor shipped 12 malicious PyPI packages bundling Windows stealers that harvested browser, Discord, and Roblox credentials.
Anatomy of a Malicious Go Package Typosquat
A Go typosquat backdoored since 2021 stayed live for over three years because Go's module proxy caches code immutably — even after the attacker cleaned the repo.
Inside the npm Reward-Farming Worm That Published 89,000+ Packages
One npm publishing bot exploited a crypto reward protocol to spam 89,000+ packages, some appearing every 7-10 seconds. Here's how it worked and how to spot it.
Dependency confusion and npm supply-chain hardening
One researcher earned over $130,000 exploiting name collisions between public and private registries at 35 companies — here's how lockfiles and scoping stop it.
How Attackers Clone GitHub Repos to Ship Malware
One threat actor ran 3,000+ fake GitHub accounts and 2,200+ cloned repos to infect over 1,300 victims in four days. Here's how to spot the fakes.
The string-width-cjs npm packages: a supply chain warm-up, not a breach
One of three empty npm packages aliasing real libraries reached 500+ dependents and 7,274 weekly downloads — with no malicious code found at all.