A typosquatted npm package named “@acitons/artifact” impersonated the legitimate “@actions/artifact” to exploit GitHub's CI/CD workflows. It stole tokens from build environments and published malicious artifacts, highlighting vulnerabilities in supply chain security.

This article details how ten malicious npm packages use typosquatting techniques to execute credential harvesting malware on developers' systems. It describes the multi-stage process, including automatic execution, IP tracking, and extensive data extraction methods targeting various operating systems.

Twyn is a security tool designed to protect against typosquatting attacks by comparing package names in your dependencies against a list of popular packages. It offers various scanning options, supports multiple dependency file formats, and allows users to customize configurations, including an allowlist for legitimate packages that may trigger false positives. Twyn can be installed via PyPi and used through the command line or as a library in projects.