Block Typosquats At Install Time.
The malicious-package scanner plus on-device Lion inspection stop typosquats before they reach disk — across npm, pypi, maven, gem, and cargo. Similarity match against the popular-package corpus, behaviour heuristics, automatic block, audit trail.
A Single Mistyped Letter Owns The Build.
Public registries make name collisions trivial. The pattern is well documented: an attacker registers a package whose name is one letter off from a popular library, ships an install hook that exfiltrates environment variables, and waits for a developer to fat-finger an install command.
Repository-level scans do not catch it; the package is in the lockfile because someone added it deliberately. CVE databases do not catch it; the malicious package is its own artefact, not a vulnerable version of a legitimate one. The right place to intervene is at install time, on the developer's machine, before the install hook runs.
Lion runs locally at install time, in under 80 ms: it checks the package name against a popular-corpus similarity model, inspects the package contents for known malicious patterns, and blocks the install if it looks like a squat, before any post-install script executes.
Post-Install Hooks Run Before Review
npm and pypi packages can execute scripts the moment install completes. Network exfiltration starts before the developer even sees the lockfile diff.
Name Similarity Is High-Dimensional
Edit distance alone misses unicode-confusable, homoglyph, and scope-prefix attacks. Embedding-space similarity catches the cases that string metrics do not.
Ecosystem-Specific Payloads
Maven and gem squats often ship benign source plus a malicious build-time plugin; pypi squats run their payload from setup.py, npm squats from a preinstall script. Detection must understand each ecosystem's install lifecycle.
Visibility Lives In The Wrong Place
Server-side scanning sees the package after install. The right vantage point is the developer's machine — which is where Lion runs.
Block, Inspect, And Log — At Install.
Lion Inline At Install
The on-device Lion hook intercepts every package install across npm / pypi / maven / gem / cargo. Verdict in under 80 ms; no source code or install metadata leaves the machine.
Embedding-Similarity Match
Package names are compared against the popular-corpus embedding plus Levenshtein and homoglyph distance. Suspicious-looking names trip a deeper inspection.
Behavioural Heuristics
Lion inspects manifest scripts, install hooks, and obfuscation patterns flagged by the malicious-package scanner training set. High-confidence squats block by default.
Tenant-Wide Alert Trail
Every block emits a signed event to the tenant audit log with the offending package name, the suspected target, and the developer who attempted the install.
From `npm install` To Blocked Squat.
The Lion hook fires on every install attempt and works inline with the package manager; no MITM proxy is required.
Package name embedded and matched against the popular-corpus index; edit distance + homoglyph distance computed in parallel.
Install scripts, post-install hooks, and obfuscation heuristics evaluated by the on-device Lion classifier.
If the score crosses the threshold, the install is blocked before any script runs; otherwise the install proceeds with no measurable latency.
A signed event is sent to the tenant audit log; high-confidence squats trigger Eagle-led further investigation.
Confirmed malicious packages are reported via the registry abuse channels; tenant mirrors blackhole the namespace.
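The six steps above, together with the name-similarity and install-hook checks described under "Name Similarity Is High-Dimensional" and "Ecosystem-Specific Payloads", as an added Python example. This is not Lion's code: the popular-package corpus, the confusable table, the point scheme and threshold, the suspicious-token list, the HMAC signing key and the developer identity are all constructed for illustration, and the embedding-space match the page describes is stood in for by Levenshtein distance over homoglyph-folded names. The decision logic follows the page's order: a suspicious name trips the deeper hook inspection, the combined score decides block versus allow, and the result is emitted as a signed audit event.

```python
"""Install-time typosquat check: homoglyph-aware name similarity, scope-prefix
check, install-hook inspection, and an HMAC-signed audit event. Constructed
example, not Lion's code: the popular-package corpus, confusable table and
signing key below are made up for illustration."""
import hashlib
import hmac
import json
import unicodedata

# Constructed "popular package" corpus per ecosystem (a real index is far larger).
POPULAR = {"npm": {"lodash", "express", "@types/node"}, "pypi": {"requests", "urllib3"}}
# Constructed subset of a confusables table: digits and Cyrillic look-alikes.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "\u0430": "a",
                             "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0456": "i"})
# npm lifecycle scripts that run during install; pip runs setup.py for sdists.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
# Tokens that, inside an install hook, suggest env harvesting or network egress.
SUSPICIOUS = ("process.env", "os.environ", "curl ", "wget ", "child_process",
              "base64", "eval(", "urlopen", "fetch(")
BLOCK_THRESHOLD = 5
AUDIT_KEY = b"constructed-demo-key"  # placeholder; a deployment would use a tenant key

def normalize(name):
    """Case-fold, NFKC-normalise, map confusables, drop separators: 'L0dash',
    'lod-ash' and Cyrillic 'l\u043edash' all collapse to 'lodash'."""
    folded = unicodedata.normalize("NFKC", name).lower().translate(CONFUSABLES)
    return "".join(ch for ch in folded if ch not in "-_.")

def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_scope(name):
    """'@scope/pkg' -> ('@scope', 'pkg'); unscoped names get an empty scope."""
    if name.startswith("@") and "/" in name:
        scope, _, base = name.partition("/")
        return scope, base
    return "", name

def name_findings(ecosystem, name):
    """Score the name alone -> (points, suspected_target, reasons). 5: homoglyph
    or separator collision; 4: same base name under another scope; 3/2: edit
    distance 1/2 after normalisation; 0: nothing popular is close."""
    if name in POPULAR[ecosystem]:
        return 0, None, []  # exact match: this is the popular package itself
    scope, base = split_scope(name)
    nb, best = normalize(base), (0, None, [])
    for pop in POPULAR[ecosystem]:
        pscope, pbase = split_scope(pop)
        npb = normalize(pbase)
        if nb == npb:
            pts, why = ((4, f"same base name as {pop} under another scope") if scope != pscope
                        else (5, f"homoglyph/separator variant of {pop}"))
        else:
            d = levenshtein(nb, npb)
            if d > 2 or len(npb) < 4:  # too far, or the target is too short to judge
                continue
            pts, why = (3 if d == 1 else 2), f"edit distance {d} from {pop}"
        if pts > best[0]:
            best = (pts, pop, [why])
    return best

def hook_findings(ecosystem, manifest):
    """Inspect install-time hooks: package.json 'scripts' for npm, setup.py text
    for pypi -> (points, reasons). A hook merely existing is 1 point; one that
    references suspicious tokens is 2 plus the number of hits."""
    if ecosystem == "npm":
        hooks = {k: v for k, v in manifest.get("scripts", {}).items() if k in INSTALL_HOOKS}
    else:
        hooks = {"setup.py": manifest} if manifest else {}
    pts, reasons = 0, []
    for hook, body in hooks.items():
        hits = [t for t in SUSPICIOUS if t in body]
        pts += 2 + len(hits) if hits else 1
        reasons.append(f"{hook} references {', '.join(hits)}" if hits else f"{hook} present")
    return pts, reasons

def evaluate(ecosystem, name, manifest, developer):
    """Name check first; only a suspicious name triggers hook inspection. Returns
    the signed audit event the hook would emit, including the decision."""
    score, target, reasons = name_findings(ecosystem, name)
    if score:
        h_pts, h_reasons = hook_findings(ecosystem, manifest)
        score, reasons = score + h_pts, reasons + h_reasons
    event = {"ecosystem": ecosystem, "package": name, "suspected_target": target,
             "developer": developer, "score": score, "reasons": reasons,
             "decision": "block" if score >= BLOCK_THRESHOLD else "allow"}
    body = json.dumps(event, sort_keys=True).encode()
    event["signature"] = hmac.new(AUDIT_KEY, body, hashlib.sha256).hexdigest()
    return event
```

With the constructed corpus, `evaluate("npm", "lodash", {...}, dev)` allows with score 0 and never looks at the scripts, a Cyrillic-o "lоdash" blocks on the name alone (5 points), a transposition like "lodahs" needs its preinstall hook to push it over the threshold, and "@evil/lodash" with no install hooks scores 4 and is allowed, which is the deliberate trade-off against the many legitimate scoped forks that reuse a popular base name. The signature lets the audit log consumer recompute the HMAC over the event minus its `signature` field and reject tampered records.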
Outcomes You Notice On Day Two.
No Squat Reaches Disk
Visibility For Security Teams
Coordinated Takedown Path
See Lion for the on-device runtime, scanner-suite for the malicious-package classifier, and SCA for the dependency graph context.
Stop A Squat Before The Install Hook Fires.
Install the Lion hook on a single dev workstation and we'll replay a known squat against it in the demo.