[$] Further analysis of PyPI typosquatting

Syndicated from the original article: https://lwn.net/Articles/834078/rss

We have looked at the problem of confusingly named packages in repositories such as the Python Package Index (PyPI) before. In general, malicious actors create these packages with names that can be mistaken for those of legitimate packages in the repository, in a form of "typosquatting". Since our 2016 article, the problem has not gone away—no surprise—but there has been some recent analysis of it, as well as some efforts to combat it.