feat: introduce new typosquatting marshall (#297)
Signed-off-by: Liran Tal <liran.tal@gmail.com>
lirantal authored Nov 21, 2023
1 parent 1391dc3 commit d20cdc2
Showing 3 changed files with 72 additions and 4 deletions.
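--- a/lib/marshalls/typosquatting.marshall.js
+++ b/lib/marshalls/typosquatting.marshall.js
@@ -0,0 +1,50 @@
+'use strict'
+
+const BaseMarshall = require('./baseMarshall')
+const { marshallCategories } = require('./constants')
+
+const path = require('path')
+const levenshtein = require('fast-levenshtein')
+const topPackagesRawJSON = require(path.join(__dirname, '../../data/top-packages.json'))
+
+const MARSHALL_NAME = 'typosquatting'
+
+class Marshall extends BaseMarshall {
+constructor(options) {
+super(options)
+this.name = MARSHALL_NAME
+this.categoryId = marshallCategories.PackageHealth.id
+}
+
+title() {
+return 'Checking for typosquatting'
+}
+
+validate(pkg) {
+let levenshteinDistance = null
+let similarPackages = []
+return new Promise((resolve, reject) => {
+for (const popularPackageNameInRepository of topPackagesRawJSON) {
+levenshteinDistance = levenshtein.get(pkg.packageName, popularPackageNameInRepository)
+
+if (levenshteinDistance < 3) {
+similarPackages.push(popularPackageNameInRepository)
+}
+}
+
+if (similarPackages.length > 0) {
+return reject(
+new Error(
+`Package name could be a typosquatting attempt for popular package(s): ${similarPackages.join(
+', '
+)}`
+)
+)
+}
+
+return resolve([])
+})
+}
+}
+
+module.exports = Marshall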
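Review bot: The `levenshteinDistance < 3` test in validate() also matches a distance of 0, so a package whose name is itself in top-packages.json is rejected as a typosquat of itself; exact matches are the legitimate popular package and should be excluded, e.g. `if (levenshteinDistance > 0 && levenshteinDistance < 3) {` with a comment `// distance 0 is the popular package itself, not a look-alike`. An absolute threshold of 2 edits is also very loose for short names (a two- or three-character name is within 2 edits of most other short names in the list), so a threshold relative to name length, or a minimum length before the check applies, would cut false positives; whether this matters in practice depends on what top-packages.json contains, which is not in this diff. The `new Promise` wrapper around purely synchronous code is unnecessary — `return Promise.reject(new Error(...))` / `return Promise.resolve([])` express the same contract without the executor — and `similarPackages` is never reassigned so it can be `const`.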
25 changes: 21 additions & 4 deletions package-lock.json


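--- a/package.json
+++ b/package.json
@@ -170,6 +170,7 @@
 }
 },
 "dependencies": {
+"fast-levenshtein": "^3.0.0",
 "glob": "^10.3.10",
 "inquirer": "^8.2.6",
 "kleur": "^4.1.5",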
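Review bot: The new runtime dependency `fast-levenshtein` is declared with a caret range (`"fast-levenshtein": "^3.0.0"`), which lets any future 3.x release be pulled in on installs that do not honour the lockfile; for a tool whose job is supply-chain hygiene an exact pin, `"fast-levenshtein": "3.0.0"`, is the more defensible choice. The surrounding dependencies use caret ranges too, so this is a matter of the project's policy rather than a defect in this line; if ranges are the convention, at least make sure `npm ci` (lockfile-respecting installs) is what CI and release builds use.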
