typosquatting 0.5.0 → 0.5.1

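--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 1b77954d544fc39b144352e1dfa75ab18f52701b1c8e9d7b49f940158c10f38f
-data.tar.gz: 3dec0264d6573615efebeb2a6d21e42a1c610e36a5e62449f35d5cee653bc748
+metadata.gz: f791ab61b6b1a907c25e8ecba6f3e6a2f341e07f5232125297405093e4841cef
+data.tar.gz: 8cea179d8c952ca8b93fb42b76d060f02ec312500b1f4a2ffd2e372e2535385b
 SHA512:
-metadata.gz: bd100e0d02cda3102f1a65c971a9466deb707f3fc54dc277e188a55d0b8bc91990088469c766f3fa1105950e289152295f0980d392070f8b6eac29f985787b25
-data.tar.gz: cd6b58996822828dc412f8c88baddc792ff80e8ae3b69247f0b1e9481738c2718e630495e7ec4d1b9c8023eaf497c8aafe7f1b4b5b6f3ce866e66d4fbf928a06
+metadata.gz: cdb27c59163382c8615a3e5783c519e578271be0d52a16beddbf8458a8cf1b62e582e8eec297f8d1cf28c67840bac27e1533cb018b59ed8df3e2af46dca1c80a
+data.tar.gz: 5298442b1f8cafc97fa7c20b321c2cffd6d3a638a5e04b9749047c5341927259eb325e3199d056902e4741b34e51d0e25f431973e4c90841874e19b5d8ce8936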
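--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,9 @@
 ## [Unreleased]
 
+## [0.5.1] - 2026-01-04
+
+- Filter duplicate packages in SBOM checking to avoid redundant results and API calls
+
 ## [0.5.0] - 2026-01-04
 
 - Add bulk lookup for SBOM checking to reduce API calls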
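--- a/<lib-file-path-not-shown-on-page>
+++ b/<lib-file-path-not-shown-on-page>
@@ -12,8 +12,28 @@ module Typosquatting
 end
 
 def check
+unique_packages = extract_unique_packages
 results = []
 
+unique_packages.each do |key, pkg_info|
+suspicions = find_typosquat_matches(pkg_info[:name], pkg_info[:ecosystem])
+next if suspicions.empty?
+
+results << SBOMResult.new(
+name: pkg_info[:name],
+version: nil,
+ecosystem: pkg_info[:ecosystem_type],
+purl: pkg_info[:purl],
+suspicions: suspicions
+)
+end
+
+results
+end
+
+def extract_unique_packages
+packages = {}
+
 sbom.packages.each do |pkg|
 purl_string = extract_purl(pkg)
 next unless purl_string
@@ -31,19 +51,17 @@ module Typosquatting
 end
 
 package_name = purl.namespace ? "#{purl.namespace}/#{purl.name}" : purl.name
-suspicions = find_typosquat_matches(package_name, ecosystem)
-next if suspicions.empty?
+key = "#{purl.type}:#{package_name}"
 
-results << SBOMResult.new(
+packages[key] ||= {
 name: package_name,
-version: purl.version,
-ecosystem: purl.type,
-purl: purl_string,
-suspicions: suspicions
-)
+ecosystem: ecosystem,
+ecosystem_type: purl.type,
+purl: purl_string
+}
 end
 
-results
+packages
 end
 
 SBOMResult = Struct.new(:name, :version, :ecosystem, :purl, :suspicions, keyword_init: true) do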
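Review bot: The dedup in `check` silently drops per-entry data: `version: nil` replaces the `purl.version` the 0.5.0 result carried, and `pkg_info[:purl]` is whichever purl `extract_unique_packages` stored first for a `type:name` key (`packages[key] ||=`), so a flagged package that appears in the SBOM at several versions is reported with one arbitrary purl and no version, which makes it harder for a consumer to locate every affected component. If one finding per package is the intent, state it on the result, e.g. `# version is nil: results are deduplicated per ecosystem/name, so one result may stand for several SBOM entries`; otherwise accumulate the purls under the key (`packages[key][:purls] << purl_string`) and expose them on SBOMResult. The dedup key is built from the raw `purl.type` and `package_name` with no normalization, so names an ecosystem treats as equivalent would presumably still be looked up separately — worth confirming against how `find_typosquat_matches` normalizes names. As a style point, the unused block parameter in `unique_packages.each do |key, pkg_info|` should be `_key` (or iterate with `each_value`), and `extract_unique_packages` deserves a one-line doc comment describing the returned hash; its body continues between the two hunks, where `purl` and `ecosystem` are derived.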
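--- a/<version-file-path-not-shown-on-page>
+++ b/<version-file-path-not-shown-on-page>
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Typosquatting
-VERSION = "0.5.0"
+VERSION = "0.5.1"
 end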
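--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: typosquatting
 version: !ruby/object:Gem::Version
-version: 0.5.0
+version: 0.5.1
 platform: ruby
 authors:
 - Andrew Nesbitt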