Identifies malicious typosquatted packages in npm and PyPI registries using string similarity metrics and metadata analysis to secure software supply chains.
This skill provides a framework for detecting typosquatting attacks by analyzing package name similarities, publish date heuristics, and download count anomalies across the npm and PyPI registries. By combining Levenshtein distance (and a keyboard-aware variant) with automated API lookups, it helps security analysts and developers proactively identify suspicious packages that mimic popular libraries. Name similarity alone produces many false positives (legitimate forks, scoped variants, long-abandoned predecessors), so the metadata factors are what separate a near-miss name from a probable squat. It is particularly useful for auditing project dependencies, investigating suspected supply chain compromises, and establishing automated monitoring that alerts when new, deceptively named packages are published that could threaten an organization's security posture.
Main features
1. Actionable reporting with risk classification and blocklist generation for CI/CD pipelines
2. Automated similarity analysis using Levenshtein and QWERTY distance metrics
3. Detection of common patterns like character omission, transposition, and separator manipulation
4. Real-time metadata retrieval from official PyPI and npm registry APIs
5. Multi-factor risk scoring based on publish date, download counts, and author history
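The following is an added example, not the skill's own code, showing how the pieces listed above fit together: a Levenshtein distance with an optional QWERTY-neighbour discount, a classifier for the omission, transposition and separator patterns, a multi-factor risk score, and a blocklist for CI. The registry API calls are replaced by hard-coded, constructed metadata (POPULAR, CANDIDATES, TODAY) so it runs offline; the score weights, the 0.5 keyboard-neighbour cost and the 2.0 distance cutoff are assumptions chosen for illustration, not values the skill documents.

```python
"""Offline typosquat scorer: Levenshtein / QWERTY-aware distance, pattern
classification and a multi-factor risk score over constructed metadata."""
from __future__ import annotations
import re
from dataclasses import dataclass
from datetime import date

# Reference packages with constructed weekly download counts. A real tool
# fetches these from the registry APIs; here they are hard-coded (assumption).
POPULAR = {"requests": 50_000_000, "lodash": 40_000_000, "numpy": 30_000_000}

# Row-neighbour keys on a US QWERTY layout, so that "reqyests" (y next to u)
# counts as a closer typo than a random substitution.
_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
ADJACENT = {ch: set(row[max(0, i - 1):i] + row[i + 1:i + 2])
            for row in _ROWS for i, ch in enumerate(row)}


def levenshtein(a: str, b: str, qwerty: bool = False) -> float:
    """Edit distance. With qwerty=True a substitution between adjacent keys
    costs 0.5 instead of 1 (assumed weighting, not a registry standard)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            if ca == cb:
                sub = prev[j - 1]
            elif qwerty and cb in ADJACENT.get(ca, ()):
                sub = prev[j - 1] + 0.5
            else:
                sub = prev[j - 1] + 1
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, sub))
        prev = cur
    return prev[-1]


def classify(candidate: str, target: str) -> str:
    """Name the squatting pattern that turns target into candidate."""
    c, t = candidate.lower(), target.lower()
    if c != t and re.sub(r"[-_.]", "", c) == re.sub(r"[-_.]", "", t):
        return "separator manipulation"        # lo-dash for lodash
    if len(c) == len(t) - 1 and any(t[:i] + t[i + 1:] == c for i in range(len(t))):
        return "character omission"            # reqests for requests
    if len(c) == len(t):
        if any(t[:i] + t[i + 1] + t[i] + t[i + 2:] == c for i in range(len(t) - 1)):
            return "transposition"             # reuqests for requests
        if sum(x != y for x, y in zip(c, t)) == 1:
            return "substitution"              # nunpy for numpy
    return "other"


@dataclass
class Meta:
    """Subset of registry metadata the heuristics need (constructed here)."""
    name: str
    first_published: date
    weekly_downloads: int
    author_packages: int   # other packages under the same maintainer


def risk_score(meta: Meta, today: date, target_downloads: int) -> tuple[int, list[str]]:
    """Additive score; the weights are assumptions chosen for illustration."""
    score, reasons = 0, []
    age_days = (today - meta.first_published).days
    if age_days < 30:
        score += 3
        reasons.append(f"first published {age_days} days ago")
    if meta.weekly_downloads < target_downloads // 1000:
        score += 2
        reasons.append("downloads below 0.1% of the mimicked package")
    if meta.author_packages <= 1:
        score += 1
        reasons.append("maintainer has no other packages")
    return score, reasons


TODAY = date(2024, 6, 20)
# Constructed candidate packages, not real registry data.
CANDIDATES = [
    Meta("reqests",  date(2024, 6, 1),  40,        1),
    Meta("reuqests", date(2022, 1, 10), 300,       5),
    Meta("lo-dash",  date(2024, 6, 10), 12,        1),
    Meta("nunpy",    date(2020, 3, 2),  5_000_000, 20),
]


def audit(candidates=CANDIDATES, today=TODAY, max_distance=2.0):
    """Compare every candidate with every popular name; report the near misses."""
    findings = []
    for meta in candidates:
        for target, target_dl in POPULAR.items():
            if meta.name == target:
                continue
            dist = levenshtein(meta.name, target, qwerty=True)
            if dist > max_distance:
                continue
            score, reasons = risk_score(meta, today, target_dl)
            level = "HIGH" if score >= 4 else "MEDIUM" if score >= 2 else "LOW"
            findings.append({"name": meta.name, "target": target, "distance": dist,
                             "pattern": classify(meta.name, target),
                             "score": score, "level": level, "reasons": reasons})
    return findings


def blocklist(findings, levels=("HIGH", "MEDIUM")):
    """Names to deny in CI; write one per line to a file the pipeline checks."""
    return sorted({f["name"] for f in findings if f["level"] in levels})


if __name__ == "__main__":
    for f in audit():
        print(f"{f['level']:6} {f['name']:9} ~ {f['target']:9} d={f['distance']} "
              f"{f['pattern']}: {'; '.join(f['reasons']) or 'no red flags'}")
    print("blocklist:", blocklist(audit()))
```

Note the design choice: `nunpy` is the closest name of the four (QWERTY distance 0.5) yet scores LOW because its metadata looks established, while `reuqests` is the furthest name still inside the cutoff and lands on the blocklist only because of its download count. That is the point of scoring metadata rather than distance alone; in a real run the four CANDIDATES would come from a registry query for recently published names, and the thresholds would be tuned against your own dependency list.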
Use cases
1. Automating supply chain threat hunting during security reviews or incident response
2. Auditing project dependencies to identify accidentally installed malicious packages
3. Monitoring registries for new packages targeting an organization's proprietary or open-source libraries