Earlier this month, an article was published summarizing Nikolai Philipp Tschacher's thesis about typosquatting. In short, typosquatting is a way to attack users of a package manager by registering a package with a name similar to that of a popular package, hoping that someone will mistype the name and end up installing the attacker's version, which contains malware. The thesis mentions https://packagist.org as a good example, as we use vendor namespaces: [...] it is much more secure, if a package is n...