The malicious-package scanner plus on-device Lino inspection stop typosquats before they reach disk — across npm, pypi, maven, gem, and cargo. Similarity match against the popular-package corpus, behaviour heuristics, automatic block, audit trail.
Public registries make name collisions trivial. The pattern is well documented: an attacker registers a package whose name is one letter off from a popular library, ships an install hook that exfiltrates environment variables, and waits for a developer to fat-finger an install command.
Repository-level scans do not catch it; the package is in the lockfile because someone added it deliberately. CVE databases do not catch it; the malicious package is its own artefact, not a vulnerable version of a legitimate one. The right place to intervene is at install time, on the developer's machine, before the install hook runs.
Lino runs locally at install time, in under 80 ms: it checks the package name against a popular-corpus similarity model, inspects the package contents for known malicious patterns, and blocks the install if the package looks like a squat, before any post-install script executes.
npm and pypi packages can execute scripts the moment install completes. Network exfiltration starts before the developer even sees the lockfile diff.
Edit distance alone misses unicode-confusable, homoglyph, and scope-prefix attacks. Embedding-space similarity catches the cases that string metrics do not.
Maven and gem squats often ship benign source plus a malicious build-time plugin; pypi uses setup.py; npm uses preinstall. Detection must understand each ecosystem's lifecycle.
Server-side scanning sees the package after install. The right vantage point is the developer's machine — which is where Lino runs.
The on-device Lino hook intercepts every package install across npm / pypi / maven / gem / cargo. Verdict in under 80 ms; no source code or install metadata leaves the machine.
Package names are compared against the popular-corpus embedding plus Levenshtein and homoglyph distance. Suspicious-looking names trip a deeper inspection.
Lino inspects manifest scripts, install hooks, and obfuscation patterns flagged by the malicious-package scanner training set. High-confidence squats block by default.
Every block emits a signed event to the tenant audit log with the offending package name, the suspected target, and the developer who attempted the install.
Lino hook fires on every install attempt; works inline with the package manager — no proxy MITM required.
Package name embedded and matched against the popular-corpus index; edit distance + homoglyph distance computed in parallel.
Install scripts, post-install hooks, and obfuscation heuristics evaluated by the on-device Lino classifier.
If the score crosses the threshold, the install is blocked before any script runs; otherwise it proceeds with no measurable latency.
A signed event is sent to the tenant audit log; high-confidence squats trigger further investigation led by Eagle.
Confirmed malicious packages are reported via the registry abuse channels; tenant mirrors blackhole the namespace.
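The name-similarity stage of the pipeline above (Levenshtein plus homoglyph distance, and the scope-prefix case that plain edit distance misses), as an added Python illustration that is not Lino's code: the confusable map and popular-package corpus are constructed stand-ins, and the embedding-index lookup is not reproduced.

```python
"""Name-similarity stage of a typosquat check (added illustration, not Lino's code)."""
import unicodedata
from typing import Optional

# Constructed, deliberately short confusable map; a real deployment would use
# the full Unicode confusables table.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "ı": "i",             # digits and dotless i
    "а": "a", "е": "e", "о": "o", "р": "p",   # Cyrillic look-alikes
    "с": "c", "у": "y", "х": "x", "ѕ": "s",
})

# Constructed sample corpus standing in for the popular-package index.
POPULAR = {"npm": {"lodash", "express", "react", "chalk"},
           "pypi": {"requests", "urllib3", "numpy"}}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def canonical(name: str) -> str:
    """NFKC-fold, lower-case and map confusables so homoglyph variants collide."""
    return unicodedata.normalize("NFKC", name).lower().translate(CONFUSABLES)


def bare_name(name: str) -> str:
    """Drop an npm scope: '@evil/lodash' -> 'lodash'."""
    return name.split("/", 1)[1] if name.startswith("@") else name


def verdict(ecosystem: str, name: str) -> tuple:
    """Return (verdict, suspected_target) for a requested install."""
    corpus = POPULAR[ecosystem]
    if name in corpus:
        return "allow", None                      # the genuine package itself
    bare = bare_name(name)
    if bare != name and bare in corpus:
        return "scope-prefix", bare               # scoped clone of an unscoped name
    cand = canonical(bare)
    for target in corpus:
        if cand == canonical(target):
            return "homoglyph", target            # differs only in confusables
    best = min(corpus, key=lambda t: levenshtein(cand, canonical(t)))
    limit = 1 if len(best) < 8 else 2             # one edit for short names, two for long
    if levenshtein(cand, canonical(best)) <= limit:
        return "typosquat", best
    return "clean", None
```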
See Lino for the on-device runtime, scanner-suite for the malicious-package classifier, and SCA for the dependency graph context.
Install the Lino hook on a single dev workstation and we'll replay a known squat against it in the demo.