Get started
Tools / Supply Chain Risk / Use Cases / Detect Typosquatted and Malicious npm Packages

Detect Typosquatted and Malicious npm Packages

Identify npm packages that impersonate popular libraries through typosquatting, namespace confusion, or name similarity attacks.

Tool
Supply Chain Risk icon
Supply Chain Risk

Typosquatting attacks work because developers type package names quickly. Installing `lodahs` instead of `lodash`, or `crossenv` instead of `cross-env`, can execute credential-stealing or backdoor code silently. These packages are designed to evade detection by looking legitimate — they often include the real code alongside the malicious payload.

The package_risk skill includes typosquat detection signals: download count anomalies relative to similar package names, newly created packages with names close to top-downloaded libraries, and behavioural indicators from static analysis. A package with 80 downloads that's one character away from a package with 80 million is a signal worth investigating.

Developers who want to verify a package name before installing, security tools that scan package.json for suspicious names, and teams onboarding contractors who might have installed packages on their machines all use this to catch typosquat attempts before they become incidents.

Agent Guides

Claude

  1. Connect ToolRouter to Claude: claude mcp add toolrouter -- npx -y toolrouter-mcp
  2. Ask: "Check supply chain risk for the package crossenv using supply-chain-risk"
  3. Claude returns risk signals including typosquat indicators
Read full guide →

ChatGPT

  1. Add ToolRouter to ChatGPT using the MCP JSON configuration
  2. Ask: "Check supply chain risk for the package node-fetch2 using supply-chain-risk"
  3. ChatGPT returns a risk assessment with typosquat signals
Read full guide →

Copilot

  1. Add ToolRouter to your Copilot MCP configuration
  2. In Copilot Chat: "Check supply chain risk for a suspicious package name using supply-chain-risk"
  3. Copilot returns risk data including typosquat indicators
Read full guide →

OpenClaw

  1. Connect ToolRouter to OpenClaw: openclaw mcp add toolrouter -- npx -y toolrouter-mcp
  2. Run: "Check typosquat risk for packages similar to our top 100 dependencies using supply-chain-risk"
  3. OpenClaw returns risk assessments for all name variants checked
Read full guide →

Related Use Cases

Open Analyse Dependency Graphs for Hidden Risk

Analyse Dependency Graphs for Hidden Risk

Map the full dependency tree for any npm package and identify risky transitive dependencies buried in the graph.

Supply Chain Risk icon
Supply Chain Risk4 agent guides

Related Workflows

Software Dependency AuditMap the full dependency graph, assess supply chain risk per package, cross-reference CVEs, and deliver a prioritized audit deck.