← Back to snippets

typosqautting

typosqautting is when somebody deliberately (sometimes maliciously) registers a common misspelling of another organization's domain as their own.

oftentimes appears in the context of website URLs, but also can occur with software packages on registries like npm or pip.

i attempted to a publish a (harmless) typosquatted npm package that just displays some educational information about typosqautting, but was πŸ–οΈπŸ›‘stoppedπŸ–οΈπŸ›‘. looks like npm has some sort of edit distance check that prevents you from creating packages that are too similarly named to widely popular packages. not sure if other registries have this set up, so be careful not to fat-finger your package installs.