Safeguard
Tag

typosquatting

Safeguard articles tagged "typosquatting" — guides, analysis, and best practices for software supply chain and application security.

62 articles

Software Supply Chain Security

What is Typosquatting

Typosquatting tricks developers into installing malicious lookalike packages. Learn how it works, real npm/PyPI attacks, and how to detect it.

Apr 4, 20267 min read
Software Supply Chain Security

What Are Malicious Packages

Malicious npm packages steal credentials, mine crypto, or wipe files. Learn how attackers plant them and how to detect and stop them fast.

Apr 3, 20267 min read
Open Source Security

Typosquatting packages

What is typosquatting? A precise breakdown of package typosquatting attacks, real npm and PyPI examples, and how lookalike malicious packages slip into builds.

Mar 3, 20266 min read
Supply Chain

PyPI Security: Malware Campaigns and How to Defend

The Python Package Index has become a first-class malware channel — from the ctx hijack to the ultralytics pipeline compromise. Here are the campaigns worth studying and the defenses that work.

Feb 12, 20266 min read
Open Source Security

What is a Package Manager

Package managers like npm and pip automate dependency resolution — and have been the entry point for incidents from event-stream to the xz-utils backdoor.

Feb 8, 20267 min read
Open Source Security

What is PyPI Security

PyPI security stops typosquats, dependency confusion, and poisoned CI builds before pip install ever runs your code.

Feb 8, 20267 min read
Supply Chain Attacks

Cargo supply chain attacks: typosquatting and malicious c...

Crates.io typosquatting tricks Rust developers into pulling malicious crates instead of trusted ones. Here's how these attacks work — and how to spot them before you build.

Feb 5, 20267 min read
Open Source Security

NuGet supply chain attacks: typosquatting and dependency ...

NuGet typosquatting and dependency confusion let attackers plant malicious packages in .NET builds. Here's how real campaigns worked and how to stop them.

Jan 31, 20268 min read
Vulnerability Analysis

Typosquatting in open source package registries explained

Typosquatting hides malware behind a one-character package name typo. Learn how it works, real incidents, and how to detect it before your build runs.

Dec 7, 20257 min read
Open Source Security

Go module proxy vulnerability trends

A backdoor hid in Go's module proxy for 3+ years, and 63,000+ orphaned packages remain cached. Inside 2025's Go supply chain reckoning.

Nov 21, 20256 min read
Open Source Security

Malicious Go modules found on GitHub

Malicious Go modules keep surfacing on GitHub, exploiting the ecosystem's lack of a curated registry. Here's the pattern — and how to defend against it.

Nov 20, 20257 min read
Container Security

Docker Hub typosquatting of official images

Attackers are cloning popular Docker Official Images under lookalike names, tricking `docker pull` into fetching malware instead of trusted base images.

Nov 17, 20257 min read
typosquatting (Page 3) — Safeguard Blog