
SUP-COMPROMISE-002 Typosquat

A direct or transitive dependency matches a curated supply-chain incident of the typosquat kind. The package name impersonates a real upstream (a one-letter substitution, a swapped scope, a near-identical homoglyph). The legitimate package is fine; the installed package is a different one with attacker-controlled content under a confusable name.

Typosquats usually run their payload at import time, so a single npm install or pip install is enough to compromise the host.

Catalogued incidents under this kind include:

  • INCIDENT-2022-pytagora (PyPI: [email protected], 1.1), the PyTorch typosquat that fetched a second-stage payload on import.
  • INCIDENT-2024-solana-token-utils (npm: [email protected], 1.0.1), a @solana/web3.js helper typosquat that exfiltrated Solana wallet private keys.

What Vulkro detects

The detector walks every (ecosystem, name, version) triple discovered by the SCA pipeline and looks each one up against the curated catalog. A row whose kind is typosquat and whose versions[] contains the installed version produces a SUP-COMPROMISE-002 finding.

Severity: the catalog row's severity (typically High). Confidence: High. Evidence signal: compromised-release-exact-version-match, weight 1.0.

Note: the detector does NOT yet do general edit-distance typosquat scoring against an upstream package corpus; that's a heuristic shape that lives elsewhere in the scanner. SUP-COMPROMISE-002 is the catalog-curated half: every entry is a real incident whose name was hand-classified as a typosquat.
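The exact-version lookup described above, sketched as an added example (not Vulkro's own code). Only kind, versions[] and severity are catalog fields named on this page; the other field names, the function names and the sample lockfile are assumptions constructed for illustration.

```python
import json
import re

# Constructed catalog row. Field names other than kind, versions and
# severity are assumptions made for this example.
CATALOG = [{
    "id": "INCIDENT-2022-pytagora", "kind": "typosquat", "ecosystem": "pypi",
    "name": "pytagora", "versions": ["1.0", "1.1"], "severity": "High",
}]

# Constructed Pipfile.lock: a catalogued version, an uncatalogued version
# (2.0, made up here) of the same name, and the legitimate package.
PIPFILE_LOCK = """
{
  "default": {
    "pytagora": {"version": "==1.0", "hashes": []},
    "torch": {"version": "==2.4.0", "hashes": []}
  },
  "develop": {
    "pytagora": {"version": "==2.0", "hashes": []}
  }
}
"""

def normalize(name):
    """PEP 503 name normalization, so Py_Tagora and py-tagora compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def triples_from_pipfile_lock(text):
    """Yield (ecosystem, name, version) for every locked package."""
    lock = json.loads(text)
    for section in ("default", "develop"):
        for name, entry in lock.get(section, {}).items():
            yield "pypi", normalize(name), entry.get("version", "").lstrip("=")

def match_typosquats(triples, catalog):
    """Exact-version lookup: a name hit alone does not produce a finding."""
    findings = []
    for eco, name, version in triples:
        for row in catalog:
            if (row["kind"] == "typosquat" and row["ecosystem"] == eco
                    and normalize(row["name"]) == name and version in row["versions"]):
                findings.append({"rule": "SUP-COMPROMISE-002", "incident": row["id"],
                                 "package": f"{name}@{version}", "severity": row["severity"],
                                 "signal": "compromised-release-exact-version-match"})
    return findings

if __name__ == "__main__":
    for finding in match_typosquats(triples_from_pipfile_lock(PIPFILE_LOCK), CATALOG):
        print(finding)
```

The develop entry at 2.0 is not reported because that version is absent from the row's versions[]; a catalog-only match is only as complete as the curated version list.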

Non-compliant lockfile

{
    "default": {
        "pytagora": {
            "version": "1.0",
            "hashes": []
        }
    }
}

pytagora is the typosquat. The legitimate PyTorch package is torch.

Compliant lockfile

[[package]]
name = "torch"
version = "2.4.0"

Remediation

  1. Replace the dependency with the correct upstream package name. The advisory in the finding references the project's incident response and the legitimate name.
  2. Verify the upstream name against the project's official documentation, README, or registry homepage. Do not rely on registry search results: the typosquat may rank above the legitimate package.
  3. Audit any build artefacts produced while the typosquat was resolved. Typosquats usually run their payload at import / setup.py / lifecycle-script time, so the payload likely already executed.
  4. Rotate every credential the host environment could have seen during the affected window.

See also

  • vulkro scan - parent CLI; SUP-COMPROMISE-* findings emit during the default scan.
  • vulkro respond - find every other place the same typosquat is in use.
  • SUP-COMPROMISE-001 - sibling rule for hijacked-publish incidents.
  • SUP-COMPROMISE-003 - sibling rule for postinstall payloads (typosquats frequently use this delivery method).

References