Vulnerable Package issue exists @ Npm-momnet-2.29.1 in branch main
This package name is similar to another popular package, "moment".
About
Typosquatting attacks rely on users making typing errors in installation commands or manifest files.
For example, let's take the popular npm package moment which has tens of millions of weekly downloads.
A user who would like to use this package would run the npm install command like so:
npm install moment
However, users sometimes make accidental typos, so another user would write:
npm install momnet
In this case, if a package exists under the Typosquatting name, it will be fetched and used.
Attackers find this method effective and usually tend to copy the original functionality and metadata to avoid detection. Typosquatting is one way to mislead developers into downloading the wrong package, which usually includes a malicious payload.
Namespace: gvocstr
Repository: ast-advanced-lab
Repository Url: https://github.com/gvocstr/ast-advanced-lab
CxAST-Project: gvocstr/ast-advanced-lab
CxAST platform scan: 2a525e57-0ef3-4b26-9f0e-6090ac931cbe
Branch: main
Application: ast-advanced-lab
Severity: HIGH
State: NOT_IGNORED
Status: NEW
CWE: Typosquatting
Additional Info