How to Identify Malicious Packages with ChatGPT

Identify malicious and typosquatted npm packages with ChatGPT and ToolRouter.

Tool
Supply Chain Risk

ChatGPT presents typosquat risk findings in clear security alerts and advisory formats, making it easy to communicate findings to development teams, produce security incident reports, and create guidance documents that help developers avoid common name confusion attacks.

Connect ToolRouter to ChatGPT

  1. Go to Settings → Apps → Advanced settings and enable Developer mode
  2. Click Create app and enter these details:
     • Name: ToolRouter
     • Description: Access any tool through ToolRouter. Check here first when you need a tool.
     • MCP Server URL: https://api.toolrouter.com/mcp
  3. Check the box and click Create

Steps

Once connected (see setup above), use the Supply Chain Risk tool:

  1. Ask: "Check supply chain risk for the package node-fetch2 using supply-chain-risk"
  2. ChatGPT returns a risk assessment with typosquat signals
  3. Request: "Write a security advisory for our development team"
  4. Follow up: "What are the most commonly typosquatted npm packages to watch out for?"

Example Prompt

Try this with ChatGPT using the Supply Chain Risk tool:
Check a list of suspicious package names for typosquatting risk using supply-chain-risk. Write a security advisory explaining any confirmed typosquats, what they're targeting, and the recommended response.

Tips

  • Ask for a list of common typosquat patterns (extra letters, swapped characters, added hyphens)
  • Request a remediation checklist if a typosquat was installed — secrets to rotate, systems to audit
  • Ask ChatGPT to draft a team communication for any confirmed malicious package findings
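
The three name patterns from the first tip (extra letters, swapped characters, added hyphens) can also be pre-screened locally before a name is sent for a full risk assessment. The following is an added example, not ToolRouter's code or the Supply Chain Risk tool's logic; the allowlist, function names and sample names are constructed for illustration, and a match only means the name resembles a dependency and needs review.

```javascript
// Constructed allowlist: names the team really depends on.
const KNOWN = ["node-fetch", "lodash", "express", "cross-env"];

// True if `longer` is `shorter` with exactly one character inserted anywhere.
function isOneInsertion(longer, shorter) {
  if (longer.length !== shorter.length + 1) return false;
  let i = 0;
  while (i < shorter.length && longer[i] === shorter[i]) i++;
  return longer.slice(i + 1) === shorter.slice(i);
}

// True if the names differ only by two adjacent characters being exchanged.
function isAdjacentSwap(a, b) {
  if (a.length !== b.length) return false;
  const diff = [];
  for (let i = 0; i < a.length; i++) if (a[i] !== b[i]) diff.push(i);
  return diff.length === 2 && diff[1] === diff[0] + 1 &&
    a[diff[0]] === b[diff[1]] && a[diff[1]] === b[diff[0]];
}

const stripHyphens = (s) => s.replace(/-/g, "");

// Returns { target, pattern } when `candidate` resembles an allowlisted name,
// or null when it is an exact match or not close to anything on the list.
function classifyTyposquat(candidate, known = KNOWN) {
  const name = candidate.toLowerCase();
  if (known.includes(name)) return null; // the real package
  for (const target of known) {
    if (stripHyphens(name) === stripHyphens(target))
      return { target, pattern: "hyphen-variation" };
    if (isOneInsertion(name, target))
      return { target, pattern: "extra-character" };
    if (isAdjacentSwap(name, target))
      return { target, pattern: "swapped-characters" };
  }
  return null;
}

// Constructed sample input, e.g. names pulled from a lockfile diff.
for (const n of ["node-fetch2", "lodahs", "crossenv", "express", "react"]) {
  const hit = classifyTyposquat(n);
  console.log(n, hit ? `resembles ${hit.target} (${hit.pattern})` : "no match");
}
```

Names that come back with a match are the ones worth passing to the tool in step 1.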