Typo Squatting and Packagist

1 · Jordi Boggiano · June 29, 2016, 7:20 p.m.
Earlier this month an article was published summarizing Nikolai Philipp Tschacher's thesis about typosquatting. In short, typosquatting is a way to attack users of a package manager by registering a package with a name similar to a popular package, hoping that someone will accidentally mistype the name and end up installing your version of it, which contains malware. The thesis mentions https://packagist.org as a good example because we use vendor namespaces: [...] it is much more secure, if a package is n...
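As an added illustration of the attack described above (this is not Packagist's or Composer's own code, and the post does not say Packagist runs such a check), the script below flags a requested vendor/package name that is within a small edit distance of a popular one. The helper names (osa_distance, split_name, typosquat_candidates) are my own, and the "popular" list and candidate names are constructed for the example.

```python
# Added example: a typosquat heuristic for vendor/package names.
# Not Packagist's or Composer's own code; the popular-package list and the
# candidate names are constructed for illustration.


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions,
    substitutions and adjacent transpositions all cost 1.
    Transpositions matter because "symfnoy" is a common way to mistype
    "symfony"."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,        # deletion
                          d[i][j - 1] + 1,        # insertion
                          d[i - 1][j - 1] + cost)  # substitution / match
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def split_name(name: str) -> tuple:
    """Split a Composer-style 'vendor/package' name into its two parts,
    lower-cased. Rejects names without a vendor namespace."""
    vendor, sep, package = name.strip().lower().partition("/")
    if not sep or not vendor or not package:
        raise ValueError(f"expected vendor/package, got {name!r}")
    return vendor, package


# Constructed list of "popular" packages for the example.
POPULAR = [
    "symfony/console",
    "monolog/monolog",
    "guzzlehttp/guzzle",
    "doctrine/orm",
]


def typosquat_candidates(candidate: str, popular=POPULAR, max_distance: int = 1) -> list:
    """Return [(popular_name, reason)] for every popular package whose
    vendor and package parts together are within max_distance edits of
    the candidate. Identical names are skipped (a registry already refuses
    duplicates), and an unrelated vendor with the same package name is not
    flagged: that is exactly what the vendor namespace protects against."""
    cv, cp = split_name(candidate)
    hits = []
    for name in popular:
        pv, pp = split_name(name)
        dv = osa_distance(cv, pv)
        dp = osa_distance(cp, pp)
        total = dv + dp
        if total == 0 or total > max_distance:
            continue
        if dp == 0:
            reason = "vendor typo"
        elif dv == 0:
            reason = "package typo"
        else:
            reason = "vendor and package typos"
        hits.append((name, reason))
    return hits


if __name__ == "__main__":
    for requested in ["symfony/consle", "symfnoy/console", "evil/console", "monolog/monolog"]:
        print(requested, "->", typosquat_candidates(requested))
```

With the constructed list, `symfony/consle` and `symfnoy/console` are both flagged, while `evil/console` is not: the package part is identical, but the vendor is not a near-miss, so a user would have to type a completely different vendor to reach it. Raising `max_distance` catches more typos at the cost of more false positives on legitimately similar names, so a registry would want to review hits rather than reject them outright.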