Supply Chain Attacks

Typosquatting Attacks on npm and PyPI Explained

Attackers exploit human typos to distribute malware through package registries. Here's how typosquatting works, real examples, and how to protect your builds.

James
Security Analyst

One Character, Total Compromise

A developer types npm install lodahs instead of lodash. An innocent typo. But on npm, lodahs is a real package — one published by an attacker. It installs successfully, runs a postinstall script, and exfiltrates environment variables to a remote server. The developer has no idea anything went wrong.

This is typosquatting: the practice of registering package names that are slight misspellings of popular packages, hoping that someone's mistyped keystroke delivers the malware directly into their project.

It's low-effort, high-yield, and devastatingly effective.

How Typosquatting Works

The attack is simple by design:

  1. Identify popular packages — Target packages with millions of weekly downloads (lodash, express, requests, numpy)
  2. Generate typo variants — Common patterns include character swaps (expresss), character omissions (expres), adjacent key substitutions (rxpress), and hyphen confusion (cross-env vs crossenv)
  3. Publish the malicious package — Register the typo name on npm, PyPI, or another registry. Include legitimate-looking code plus a malicious payload
  4. Wait — Eventually, someone will make a typo, or an automated tool will resolve to the wrong name

The payload can be anything: cryptominers, credential stealers, reverse shells, or data exfiltration scripts. Most typosquatting packages use preinstall/postinstall hooks to execute malicious code immediately on installation.

Real-World Examples

crossenv (npm, 2017)

One of the first widely-publicized typosquatting attacks targeted cross-env, a package with 1.5 million monthly downloads at the time. The attacker published crossenv (no hyphen), which collected environment variables — including npm tokens and CI secrets — and sent them to an external server. It was downloaded over 700 times before detection.

python3-dateutil (PyPI, 2019)

An attacker published python3-dateutil, targeting the legitimate python-dateutil package. The malicious version contained code that stole SSH and GPG keys. It was available on PyPI for several days before removal.

2021: Industrial Scale

By 2021, typosquatting had evolved from individual attacks to campaigns. Researchers at Sonatype and JFrog regularly discover batches of hundreds of malicious packages published simultaneously:

  • February 2021 — Over 200 malicious npm packages discovered targeting Azure, Uber, and Airbnb internal package names (combining typosquatting with dependency confusion)
  • June 2021 — JFrog researchers identified 186 malicious npm packages using typosquatting patterns targeting popular packages
  • July 2021 — Sonatype detected a campaign of over 700 typosquatting packages on npm and RubyGems containing cryptominers

The campaigns are automated. Attackers use scripts to generate typo variants, create npm accounts, and publish packages in bulk. Detection is getting better, but so is the volume.

Beyond Simple Typos

Modern package name confusion goes beyond misspellings:

Combosquatting

Combining a popular name with a common suffix: lodash-utils, express-validator-2, react-component-lib. These look like legitimate ecosystem packages.

Brandjacking

Using well-known company or project names: google-analytics-api, aws-sdk-helper. Developers assume these are official packages.

Starjacking

Some registries show GitHub star counts for linked repositories. Attackers link their malicious package to the legitimate package's popular GitHub repo, making it appear endorsed.

Scope Confusion

On npm, scoped packages (@company/package) are distinct from unscoped packages (package). An attacker can publish company-package (unscoped) to target developers looking for @company/package.

Why Detection Is Hard

Volume

With 1.8+ million packages on npm and 350,000+ on PyPI, manual review is impossible. Registries rely primarily on automated detection and user reports.

Legitimate Similar Names

Not every package with a similar name is malicious. There are legitimate forks, alternatives, and wrapper libraries. webpack-cli and webpack-command are both legitimate. Automated detection must distinguish between honest naming overlap and malicious impersonation.

Short Windows

Many typosquatting packages are detected and removed within hours or days. But CI/CD pipelines run continuously. A package that exists for just 24 hours can be installed thousands of times by automated systems.

Defending Against Typosquatting

For Developers

  • Double-check package names before running install commands. One extra second prevents a breach.
  • Use lockfiles: package-lock.json, yarn.lock, Pipfile.lock. Lockfiles pin exact versions and prevent accidental resolution to wrong packages.
  • Verify package metadata — Check the publisher, download count, repository URL, and publication date before installing unfamiliar packages.
  • Disable install scripts in CI — npm install --ignore-scripts prevents preinstall and postinstall payloads from executing.
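
To see which locked dependencies the --ignore-scripts setting actually affects, this added example (not from the article) reads a package-lock.json and lists the packages npm marked with hasInstallScript, the lockfile flag for packages that declare preinstall, install or postinstall scripts. Anything not on a reviewed list is reported as unexpected. The lockfile content, the reviewed list and the function names are constructed for illustration.

```javascript
// Added example: LOCK is a constructed package-lock.json fragment (lockfileVersion 3).
const LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', version: '1.0.0' },
    'node_modules/lodash': { version: '4.17.21' },
    'node_modules/example-native-addon': { version: '2.1.0', hasInstallScript: true },
    'node_modules/lodahs': { version: '1.0.0', hasInstallScript: true },
    'node_modules/a/node_modules/@scope/b': { version: '0.3.0', hasInstallScript: true },
  },
};

// Hypothetical list of packages whose install scripts have been reviewed.
const REVIEWED = ['example-native-addon'];

// Every installed package the lockfile flags as having install-time scripts.
function packagesWithInstallScripts(lock) {
  const marker = 'node_modules/';
  return Object.entries(lock.packages || {})
    // Skip the root project ('') and workspace paths; keep flagged dependencies.
    .filter(([path, meta]) => path.includes(marker) && meta.hasInstallScript === true)
    .map(([path, meta]) => ({
      // The package name is whatever follows the last node_modules/ segment,
      // which also handles nested and scoped packages.
      name: path.slice(path.lastIndexOf(marker) + marker.length),
      version: meta.version,
      path,
    }));
}

// Split flagged packages into those already reviewed and those nobody expected.
function auditInstallScripts(lock, reviewed) {
  const all = packagesWithInstallScripts(lock);
  return {
    expected: all.filter((p) => reviewed.includes(p.name)),
    unexpected: all.filter((p) => !reviewed.includes(p.name)),
  };
}

console.log(auditInstallScripts(LOCK, REVIEWED));
```

Run against the real lockfile in CI, a non-empty unexpected list is a reason to stop and review before any install that allows scripts.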

For Organizations

  • Proxy registries — Use Artifactory, Nexus, or Verdaccio as a proxy. Curate an allowlist of approved packages.
  • Pre-commit hooks — Validate that added dependencies match an approved list or have been reviewed.
  • Dependency scanning — Tools that check for known-malicious packages should run in CI before code reaches production.
  • Internal naming conventions — If you use scoped packages internally (@company/), ensure those scopes are claimed on public registries.
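
As an added example (not code from this article or from any tool it names), the following Node.js check shows how a pre-commit hook could compare declared dependencies against an approved list and flag the name patterns described earlier: single-character edits, dropped hyphens, digit look-alikes, and unscoped copies of scoped names. The APPROVED list, the sample manifest and all function names are assumptions made for illustration.

```javascript
// Added example: APPROVED and SAMPLE are constructed for illustration.
const APPROVED = ['lodash', 'express', 'cross-env', '@company/package'];

// Fold case, separators, scope punctuation and digit look-alikes (0/o, 1/l).
const normalize = (name) =>
  name.toLowerCase().replace(/[@\/._-]/g, '').replace(/0/g, 'o').replace(/1/g, 'l');

// Optimal string alignment distance: insert, delete, substitute, adjacent swap.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) =>
    Array.from({ length: b.length + 1 }, (_, j) => (i === 0 ? j : j === 0 ? i : 0)));
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Classify one dependency name against the approved list.
function classify(name, approved = APPROVED) {
  if (approved.includes(name)) return { name, status: 'approved' };
  const n = normalize(name);
  const same = approved.find((t) => normalize(t) === n);
  if (same) return { name, status: 'lookalike', target: same, reason: 'separator-or-digit' };
  const near = approved.find((t) => editDistance(n, normalize(t)) === 1);
  if (near) return { name, status: 'lookalike', target: near, reason: 'one-edit' };
  return { name, status: 'unreviewed' }; // not similar, but still not on the list
}

// Check a parsed package.json; return every dependency that is not approved.
function checkManifest(manifest, approved = APPROVED) {
  const names = Object.keys({ ...manifest.dependencies, ...manifest.devDependencies });
  return names.map((n) => classify(n, approved)).filter((r) => r.status !== 'approved');
}

// Constructed manifest mixing approved names with variants named in the article.
const SAMPLE = {
  dependencies: { lodash: '^4.17.21', lodahs: '^1.0.0', crossenv: '^1.0.0', '1odash': '^1.0.0', chalk: '^5.0.0' },
  devDependencies: { expresss: '^1.0.0', 'company-package': '^1.0.0' },
};
console.log(checkManifest(SAMPLE));
```

A lookalike result is a prompt for review rather than proof of malice, since legitimate packages can sit one edit away from each other, especially when names are short.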

For Registries

npm, PyPI, and others are improving:

  • Automated malware scanning at publish time
  • Reporting mechanisms for suspicious packages
  • Mandatory 2FA for popular package maintainers
  • Namespace reservation for verified organizations

But the fundamental architecture — open publishing with no identity verification — means typosquatting will remain a viable attack vector.

How Safeguard.sh Helps

Safeguard.sh scans your dependency manifests and lockfiles against known-malicious package databases, including typosquatting variants of popular packages. When a dependency matches a known typosquatting pattern or is flagged by security researchers, the platform alerts you before the package enters your production builds.

The platform also performs proactive similarity analysis, comparing your declared dependencies against common typosquatting patterns. If you depend on lodash but a new package 1odash (with a digit) appears on npm, Safeguard.sh flags it as a potential threat — even before it's reported to any advisory database.

Beyond detection, Safeguard.sh provides organizational controls for dependency management. You can define approved package lists, require review for new dependencies, and enforce policies that prevent untrusted packages from entering your build pipeline. These controls turn typosquatting from a developer-level mistake into an organizational-level impossibility.
