typosquatting
Safeguard articles tagged "typosquatting" — guides, analysis, and best practices for software supply chain and application security.
62 articles
Software supply chain attack trends: what the public incident data shows
Sonatype tracked 454,648 new malicious packages in 2025 alone — over 1.2 million total since it started counting. Here's what three years of incident data reveal.
Anatomy of an npm Dependency Confusion Attack
One researcher published fake packages matching internal names at over 35 companies in 2021 and collected six-figure bounties — here's exactly how the registry resolution flaw works.
Supply Chain Attacks FAQ: 2026 Threats Explained
Answers to the most common questions about software supply chain attacks in 2026 — how they work, famous examples, the main techniques, and how to defend against them.
GitHub repo confusion and malware repositories
Fake GitHub repos with forged stars and AI-written READMEs are stealing crypto and credentials. Here's how repo confusion attacks actually work.
Slopsquatting: When AI Hallucinates Package Names
LLMs invent plausible package names; attackers register them and wait. How slopsquatting works, why hallucinations repeat predictably, and the gates that stop it.
What Is Open Source Malware
Open source malware is code deliberately planted in packages to attack the systems that install it. Learn how it spreads, real incidents, and how it differs from CVEs.
VS Code marketplace incident postmortem: what 2023-2024 actually taught us
Between 2023 and 2024 the VS Code Marketplace saw a string of typosquat, hijack, and impersonation incidents that shaped Microsoft's eventual hardening response. This is a composite postmortem of what happened, what changed, and what is still broken in 2026.
The Fake OpenAI 'privacy-filter' Model: How a Typosquat Hit #1 on Hugging Face in May 2026
A repository named Open-OSS/privacy-filter impersonated OpenAI's release, copied its model card verbatim, and shipped a loader.py that pulled an infostealer. It reached #1 trending with ~244,000 downloads before removal.
Malicious PyPI packages: common infiltration patterns
Real malicious PyPI package examples — typosquats, dependency confusion, hijacked maintainers, and crypto stealers — and how Safeguard catches them before install.
Malicious NuGet package campaigns targeting developers
Socket.dev has tracked malicious NuGet packages stealing wallets, banking credentials, and sabotaging industrial systems. See how Safeguard catches them first.
Typosquatting across package registries (npm, Go, PyPI)
Typosquatting has infected npm, PyPI, and now Go modules. We break down real attacks like crossenv and colourama, how Socket.dev detects them, and where the gaps remain.
What is Dependency Confusion
Dependency confusion lets attackers hijack builds by publishing malicious packages under private package names to public registries. Here's how it works.