Further analysis of PyPI typosquatting
[Security] Posted Oct 14, 2020 21:31 UTC (Wed) by jake
We have looked at the problem of confusingly named packages in repositories such as the Python Package Index (PyPI) before. In general, malicious actors create these packages with names that can be mistaken for those of legitimate packages in the repository in a form of "typosquatting". Since our 2016 article, the problem has not gone away—no surprise—but there has been some recent analysis of it, as well as some efforts to combat it.