RubyGems - typosquatting - Versions diffs - 0.2.0 → 0.3.0 - Mend

typosquatting 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 57ce19f59014bac56c5922b53d59c794ef8b55c3ff13cde363db2bef133aff23
-  data.tar.gz: facd26dd6b71803eadfb0c2395f7a0a1249d25992c38d5cf07a15a255de91d69
+  metadata.gz: 59d9c744171a8ac32d88c7218078d24ce9a27da2822b03c5127569a9cf91be46
+  data.tar.gz: eb928d00e9d2f3eb5c195628c9a7bc8eaf33e02bc04ce07eab98449b48e3f12c
 SHA512:
-  metadata.gz: f1de5348e69ee48a5eadcd7fccc310b5f7224f888e84a69bac5ba5fd6bd7d01a64638650834e39ad9f7c55083ec6dd9b3613ed83aefe6019724325a5fcf3b07d
-  data.tar.gz: 40fe04d1f03d7917bac5663a5a22f90b0bfef24307f9656d9401cb77dbff710f332de4c15c7165a564f81ca6a701ea783fd26ceea335b09309260d1526dc87ef
+  metadata.gz: ef4a6f706d3bd5a53d603c1c7d124fd317241ecff5ec898dea1df810ae5e65173986ab3d329ddb7300c89c2608c797b99369425eeb7910cb40f7574de99dfd00
+  data.tar.gz: 93643869152bc1c8ee092a0289c5c49d8615f69adb849f1f5343d8f11748b425f48b6a1e6028223432cf1eecb725fae24181e9d218297657a9fa61e1309675ef

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,9 @@
 ## [Unreleased]
+## [0.3.0] - 2025-12-17
+- Add `discover` command to find existing similar packages by edit distance using prefix/postfix API
 ## [0.2.0] - 2025-12-17
 - Add GitHub Actions ecosystem for CI/CD workflow typosquatting detection

data/README.md CHANGED Viewed

@@ -69,6 +69,12 @@ typosquatting check requests -e pypi -f json
 # List available algorithms
 typosquatting algorithms
+# Discover existing packages similar to a target (by edit distance)
+typosquatting discover requests -e pypi
+# Discover with generated variants check
+typosquatting discover requests -e pypi --with-variants
 ```
 ## Example Output
@@ -204,6 +210,34 @@ Package lookups use the [ecosyste.ms](https://packages.ecosyste.ms) API. Request
 Be mindful when checking many packages. The `--dry-run` flag shows what would be checked without making API calls.
+### packages.ecosyste.ms API
+The package_names endpoint can help identify potential typosquats by searching for packages with similar prefixes or postfixes to popular package names.
+```
+GET /api/v1/registries/{registry}/package_names
+```
+**Parameters:**
+- `prefix` - filter by package names starting with string (case insensitive)
+- `postfix` - filter by package names ending with string (case insensitive)
+- `page`, `per_page` - pagination
+- `sort`, `order` - sorting
+**Examples:**
+```
+# Find RubyGems packages ending in "ails" (potential "rails" typosquats)
+https://packages.ecosyste.ms/api/v1/registries/rubygems.org/package_names?postfix=ails
+# Find RubyGems packages starting with "rai" (potential "rails" typosquats)
+https://packages.ecosyste.ms/api/v1/registries/rubygems.org/package_names?prefix=rai
+# Find npm packages starting with "reac" (potential "react" typosquats)
+https://packages.ecosyste.ms/api/v1/registries/npmjs.org/package_names?prefix=reac
+```
+Full API documentation: [packages.ecosyste.ms/docs](https://packages.ecosyste.ms/docs)
 ## Dataset
 The [ecosyste-ms/typosquatting-dataset](https://github.com/ecosyste-ms/typosquatting-dataset) contains 143 confirmed typosquatting attacks from security research, mapping malicious packages to their targets with classification and source attribution. Useful for testing detection tools and understanding real attack patterns.

data/lib/typosquatting/cli.rb CHANGED Viewed

@@ -16,6 +16,8 @@ module Typosquatting
         generate(args)
       when "check"
         check(args)
+      when "discover"
+        discover(args)
       when "confusion"
         confusion(args)
       when "sbom"
@@ -101,6 +103,39 @@ module Typosquatting
       output_check_results(results, options)
     end
+    def discover(args)
+      options = { format: "text", max_distance: 2 }
+      parser = OptionParser.new do |opts|
+        opts.banner = "Usage: typosquatting discover PACKAGE -e ECOSYSTEM [options]"
+        opts.on("-e", "--ecosystem ECOSYSTEM", "Package ecosystem (required)") { |v| options[:ecosystem] = v }
+        opts.on("-f", "--format FORMAT", "Output format (text, json)") { |v| options[:format] = v }
+        opts.on("-d", "--distance N", Integer, "Maximum edit distance (default: 2)") { |v| options[:max_distance] = v }
+        opts.on("--with-variants", "Also show which generated variants exist") { options[:with_variants] = true }
+      end
+      parser.parse!(args)
+      package = args.shift
+      unless package && options[:ecosystem]
+        $stderr.puts "Error: Package name and ecosystem required"
+        $stderr.puts parser
+        exit 1
+      end
+      lookup = Lookup.new(ecosystem: options[:ecosystem])
+      $stderr.puts "Discovering similar packages to #{package}..." if $stderr.tty?
+      results = lookup.discover(package, max_distance: options[:max_distance])
+      if options[:with_variants]
+        generator = Generator.new(ecosystem: options[:ecosystem])
+        variants = generator.generate(package)
+        variant_results = lookup.check_with_variants(package, variants)
+        existing_variants = variant_results.select(&:exists?)
+      end
+      output_discover_results(results, existing_variants, options)
+    end
     def confusion(args)
       options = { format: "text" }
       parser = OptionParser.new do |opts|
@@ -212,6 +247,7 @@ module Typosquatting
       puts "Commands:"
       puts "  generate PACKAGE -e ECOSYSTEM    Generate typosquat variants"
       puts "  check PACKAGE -e ECOSYSTEM       Check which variants exist"
+      puts "  discover PACKAGE -e ECOSYSTEM    Find similar packages by edit distance"
       puts "  confusion PACKAGE -e ECOSYSTEM   Check for dependency confusion"
       puts "  sbom FILE                        Check SBOM for potential typosquats"
       puts "  ecosystems                       List supported ecosystems"
@@ -222,6 +258,7 @@ module Typosquatting
       puts "Examples:"
       puts "  typosquatting generate requests -e pypi"
       puts "  typosquatting check requests -e pypi --existing-only"
+      puts "  typosquatting discover rails -e gem --with-variants"
       puts "  typosquatting confusion my-package -e maven"
       puts "  typosquatting sbom bom.json"
     end
@@ -379,5 +416,42 @@ module Typosquatting
         puts "Found #{results.length} suspicious package(s)"
       end
     end
+    def output_discover_results(discovered, existing_variants, options)
+      case options[:format]
+      when "json"
+        data = {
+          discovered: discovered.map(&:to_h),
+          existing_variants: existing_variants&.map(&:to_h)
+        }.compact
+        puts JSON.pretty_generate(data)
+      else
+        if discovered.empty? && (existing_variants.nil? || existing_variants.empty?)
+          puts "No similar packages found"
+          return
+        end
+        if discovered.any?
+          puts "Similar packages found (by edit distance):"
+          puts ""
+          discovered.each do |result|
+            puts "  #{result.name} (distance: #{result.distance})"
+          end
+          puts ""
+        end
+        if existing_variants&.any?
+          puts "Generated variants that exist:"
+          puts ""
+          existing_variants.each do |result|
+            puts "  #{result.name}"
+          end
+          puts ""
+        end
+        puts "Found #{discovered.length} similar package(s)"
+        puts "Found #{existing_variants.length} existing variant(s)" if existing_variants&.any?
+      end
+    end
   end
 end

data/lib/typosquatting/lookup.rb CHANGED Viewed

@@ -4,6 +4,7 @@ require "net/http"
 require "json"
 require "uri"
 require "purl"
+require "set"
 module Typosquatting
   class Lookup
@@ -51,6 +52,92 @@ module Typosquatting
       response&.map { |r| Registry.new(r) } || []
     end
+    def list_names(registry:, prefix: nil, postfix: nil)
+      params = []
+      params << "prefix=#{URI.encode_www_form_component(prefix)}" if prefix
+      params << "postfix=#{URI.encode_www_form_component(postfix)}" if postfix
+      query = params.empty? ? "" : "?#{params.join("&")}"
+      fetch("/registries/#{URI.encode_www_form_component(registry)}/package_names#{query}") || []
+    end
+    def discover(package_name, max_distance: 2)
+      registry = registries.first
+      return [] unless registry
+      prefix = package_name[0, 3]
+      candidates = list_names(registry: registry.name, prefix: prefix)
+      candidates.filter_map do |candidate|
+        next if candidate == package_name
+        distance = levenshtein(package_name.downcase, candidate.downcase)
+        next if distance > max_distance || distance == 0
+        DiscoveryResult.new(
+          name: candidate,
+          target: package_name,
+          distance: distance
+        )
+      end.sort_by(&:distance)
+    end
+    def check_with_variants(package_name, variants)
+      registry = registries.first
+      return [] unless registry
+      prefix = package_name[0, 3]
+      existing = list_names(registry: registry.name, prefix: prefix)
+      existing_set = existing.map(&:downcase).to_set
+      variant_names = variants.map { |v| v.is_a?(String) ? v : v.name }
+      variant_names.filter_map do |variant|
+        exists = existing_set.include?(variant.downcase)
+        VariantCheckResult.new(
+          name: variant,
+          exists: exists
+        )
+      end
+    end
+    def levenshtein(s1, s2)
+      m, n = s1.length, s2.length
+      return n if m == 0
+      return m if n == 0
+      d = Array.new(m + 1) { |i| i }
+      x = nil
+      (1..n).each do |j|
+        d[0] = j
+        x = j - 1
+        (1..m).each do |i|
+          cost = s1[i - 1] == s2[j - 1] ? 0 : 1
+          x, d[i] = d[i], [d[i] + 1, d[i - 1] + 1, x + cost].min
+        end
+      end
+      d[m]
+    end
+    DiscoveryResult = Struct.new(:name, :target, :distance, keyword_init: true) do
+      def to_h
+        { name: name, target: target, distance: distance }
+      end
+    end
+    VariantCheckResult = Struct.new(:name, :exists, keyword_init: true) do
+      def exists?
+        exists
+      end
+      def to_h
+        { name: name, exists: exists }
+      end
+    end
     Result = Struct.new(:name, :purl, :packages, :ecosystem, keyword_init: true) do
       def exists?
         !packages.empty?

data/lib/typosquatting/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Typosquatting
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: typosquatting
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Andrew Nesbitt