How to Detect Typosquatted Packages with Claude
Detect typosquatted npm packages with Claude and ToolRouter. Malicious package identification and risk assessment.
Tool: Supply Chain Risk
Claude cross-references package risk signals with its knowledge of popular npm packages to identify typosquat candidates, explaining exactly which legitimate package a suspicious name is imitating, what the malicious package's download pattern suggests about how it is being spread, and what to do if the package has already been installed.
Connect ToolRouter to Claude
1. Open connector settings
2. Add a custom connector with these details:
   Name: ToolRouter
   URL: https://api.toolrouter.com/mcp
3. Let Claude set you up
Steps
Once connected (see setup above), use the Supply Chain Risk tool:
- Ask: "Check supply chain risk for the package crossenv using supply-chain-risk"
- Claude returns risk signals including typosquat indicators
- Ask: "Which legitimate package does this appear to be impersonating?"
- Request: "What should I do if this package has already been installed in a project?"
Example Prompt
Try this with Claude using the Supply Chain Risk tool
Check supply chain risk for these package names using supply-chain-risk: requesst, expresss, axois, lodahs. Identify which appear to be typosquats, what they're imitating, and the risk level of each.
Tips
- Check any package name you're unsure about before installing — typosquats are often one character off
- Ask Claude to verify the correct spelling of a package if you're not 100% sure
- Ask what to do if a typosquat has already been in your codebase: what to audit (for example which environments installed it and whether its install scripts ran) and which secrets those environments could reach that should be rotated
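A local pre-check for the "one character off" pattern, added here as an example; it is not part of ToolRouter or the Supply Chain Risk tool. The POPULAR allowlist and the package.json sample are constructed for the example (a real check would use a much larger list of known-good names), and the names it runs are the ones from this page (requesst, expresss, axois, lodahs, crossenv). It uses optimal string alignment distance so that an adjacent-letter swap such as axois/axios counts as a single edit.

```javascript
// Added example, not ToolRouter code: flag package names that sit within a
// small edit distance of well-known npm packages. POPULAR is a constructed,
// deliberately short allowlist; replace it with a real list of known-good names.
const POPULAR = [
  "request", "express", "axios", "lodash", "react", "chalk", "debug",
  "commander", "moment", "uuid", "cross-env", "dotenv", "minimist",
];

// Optimal string alignment (restricted Damerau-Levenshtein) distance:
// insertion, deletion, substitution and adjacent transposition each cost 1.
// Plain Levenshtein would score "axois" vs "axios" as 2; here it is 1.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Classify one package name. An exact allowlist hit is not suspicious; a name
// within maxDistance of an allowlisted one is reported with the closest match;
// a name close to nothing returns null (unknown, not necessarily safe).
function checkName(name, popular = POPULAR, maxDistance = 1) {
  const lower = name.toLowerCase();
  if (popular.includes(lower)) {
    return { name, imitates: null, distance: 0, suspicious: false };
  }
  let best = null;
  for (const p of popular) {
    const dist = editDistance(lower, p);
    if (dist <= maxDistance && (best === null || dist < best.distance)) {
      best = { name, imitates: p, distance: dist, suspicious: true };
    }
  }
  return best;
}

// Run the check over every dependency name in a parsed package.json object,
// covering both dependencies and devDependencies (a typosquat in a dev-only
// dependency still runs its install scripts on every developer machine).
function checkDependencies(pkg) {
  const names = Object.keys({
    ...(pkg.dependencies || {}),
    ...(pkg.devDependencies || {}),
  });
  return names.map((n) => checkName(n)).filter((r) => r !== null && r.suspicious);
}

// Constructed sample manifest: one real-looking dependency plus two typosquats.
const SAMPLE_PACKAGE_JSON = {
  name: "demo-app",
  dependencies: { express: "^4.18.0", axois: "1.0.0" },
  devDependencies: { lodahs: "*" },
};

// Stand-alone run over the names from this page and the sample manifest.
for (const n of ["requesst", "expresss", "axois", "lodahs", "crossenv", "express", "left-pad"]) {
  console.log(n, "->", JSON.stringify(checkName(n)));
}
console.log("manifest findings:", JSON.stringify(checkDependencies(SAMPLE_PACKAGE_JSON)));
```

Treat a hit as a reason to look closer (for instance with the Supply Chain Risk tool), not as proof: distinct legitimate packages can also be one edit apart, so any name you confirm as genuine belongs in the allowlist, and scoped names such as @org/name are compared whole here, so a squat on the unscoped part of a scoped name is not caught by this version.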