Reply to post: Re: flat namespace is type squatting friendly.

Typo-squatting NPM software supply chain attack uncovered

veti Silver badge

Re: flat namespace is type squatting friendly.

Surely all that would do is move the attack up a level. Put the typo in the account name, then the package can have the name spelled correctly.

How about an automated check for names that were very similar to existing ones, triggering a deeper review of the content being posted?
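The check suggested in the comment above, sketched as an added example (not part of the original post and not npm's own code). It compares both the scope (account) and the package name against existing names, so a typo moved "up a level" is caught too. The `KNOWN` list, the function names and the one-edit threshold are assumptions made for illustration.

```javascript
// Added example: flag new npm names that sit close to existing ones.
// KNOWN is a constructed sample list, not real registry data.
const KNOWN = ["@angular/core", "@babel/core", "lodash", "cross-env", "express"];

// Split "@scope/name" into parts; unscoped packages get scope "".
function parse(spec) {
  const m = /^(?:@([^/]+)\/)?(.+)$/.exec(spec.toLowerCase());
  return { scope: m[1] || "", name: m[2] };
}

// Collapse separators so "cross-env" and "crossenv" compare as equal.
const squash = (s) => s.replace(/[-_.]/g, "");

// Optimal string alignment distance: insert, delete, substitute, adjacent swap.
function osa(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...Array(b.length).fill(0)]);
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// near: different strings that are equal after squashing or within maxDist edits.
function near(a, b, maxDist) {
  if (a === b || a === "" || b === "") return false;
  return squash(a) === squash(b) || osa(a, b) <= maxDist;
}

// Returns the reasons a candidate should be routed to deeper review.
function reviewReasons(candidate, known = KNOWN, maxDist = 1) {
  const c = parse(candidate);
  const reasons = [];
  for (const spec of known) {
    const k = parse(spec);
    if (c.scope === k.scope && near(c.name, k.name, maxDist)) reasons.push(`name~${spec}`);
    if (near(c.scope, k.scope, maxDist) && c.name === k.name) reasons.push(`scope~${spec}`);
  }
  return reasons;
}
```

A non-empty result means "hold for deeper review", not "reject": short legitimate names can sit within one edit of each other.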
