Supply Chain Checked by Vezraa
Typosquatting
Registering packages with names similar to popular ones to trick developers into installing malware.
Typosquatters register misspelled versions of popular npm/PyPI packages (e.g., 'requets' instead of 'requests'). A developer who mistypes the package name during install ends up running malicious code. Verify package names and check download counts before installing.
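One way to automate the name check is to flag any requested package that is not on an allowlist but sits within a couple of edits of a name that is. The sketch below is an added example, not part of the original page; the allowlist, the sample requirement lines, and the function names are constructed for illustration.

```python
import re

# Constructed allowlist for the example; in practice, load the list of
# packages your organisation actually depends on.
KNOWN_GOOD = {"requests", "numpy", "pandas", "urllib3", "cryptography"}

def normalize(name: str) -> str:
    """PEP 503 normalisation: lowercase, runs of - _ . collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute and
    adjacent transposition each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_requirements(lines, known=KNOWN_GOOD, max_dist=2):
    """Return {requested_name: lookalike_target} for names that are not on the
    allowlist but are within max_dist edits of a name that is."""
    known_norm = {normalize(k) for k in known}
    flagged = {}
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks and pip options
            continue
        name = normalize(re.split(r"[\s<>=!~;\[@]", line, maxsplit=1)[0])
        if name in known_norm:
            continue
        near = [k for k in known_norm if osa_distance(name, k) <= max_dist]
        if near:
            flagged[name] = min(near, key=lambda k: osa_distance(name, k))
    return flagged

SAMPLE = ["requets==2.31.0", "numpy>=1.26", "Pandas", "crytpography", "flask"]  # constructed

if __name__ == "__main__":
    for name, target in check_requirements(SAMPLE).items():
        print(f"{name}: not on allowlist, looks like '{target}'")
```

A name that is flagged is only a candidate for review; a name that is not flagged and not on the allowlist (such as `flask` here) still needs the manual name and download-count check.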