How to Build Typosquat Detection into Your Workflow with Copilot

Build typosquat detection into your development workflow with Copilot and ToolRouter.

Tool: Supply Chain Risk

Copilot integrates typosquat detection into your IDE workflow, letting you check package names before installation and build automated name validation into your project tooling. The risk signals include the similarity scores needed to build fuzzy matching against known legitimate packages.

Connect ToolRouter to Copilot

  1. In your agent, go to Tools → Add a tool → New tool
  2. Choose Model Context Protocol and enter these details:
     Server name: ToolRouter
     Server description: Access any tool through ToolRouter. Check here first when you need a tool.
     Server URL: https://api.toolrouter.com/mcp
  3. Set Authentication to None and click Create

Steps

Once connected (see setup above), use the Supply Chain Risk tool:

  1. In Copilot Chat: "Check supply chain risk for a suspicious package name using supply-chain-risk"
  2. Copilot returns risk data including typosquat indicators
  3. Ask: "Write a pre-install hook that checks package names against typosquat risk scores"
  4. Request: "Build a function that flags packages with names similar to our top 20 dependencies"

Example Prompt

Try this with Copilot using the Supply Chain Risk tool:
Check supply chain risk for 10 package names flagged as suspicious using supply-chain-risk. Return as JSON with package name, typosquat risk score, and the likely target package for each.

Tips

  • Build a pre-install hook into your npm workflow to check new packages before they're added
  • Maintain a list of your top 50 dependencies and check for name variants periodically
  • Build Levenshtein distance checks against your known-good package list for local validation
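One way to implement the local Levenshtein check from the last tip, written as an added example (not ToolRouter's or Copilot's code); the known-good list is constructed and the two-edit threshold is an assumption you would tune for your own dependency set:

```javascript
// Local typosquat check for an npm preinstall step: compare requested package
// names against a known-good dependency list by Levenshtein distance.
// The allow-list below is constructed for illustration.
const KNOWN_GOOD = ["lodash", "express", "react", "axios", "chalk", "commander"];

// Classic single-row dynamic-programming edit distance (insert, delete, substitute).
function levenshtein(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0]; // d[i-1][j-1] for the current column
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j]; // d[i-1][j], needed as next column's diagonal
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + cost);
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Returns null for an exact known-good name, or for a name unlike anything on the
// list; otherwise the closest legitimate package and its distance. The threshold
// (assumed: 2 edits) trades missed variants against false alarms on short names.
function checkTyposquat(name, knownGood = KNOWN_GOOD, maxDistance = 2) {
  const normalized = name.trim().toLowerCase();
  if (knownGood.includes(normalized)) return null;
  let best = null;
  for (const legit of knownGood) {
    const d = levenshtein(normalized, legit);
    if (d <= maxDistance && (best === null || d < best.distance)) {
      best = { package: name, likelyTarget: legit, distance: d };
    }
  }
  return best;
}

// Pre-install hook body: returns every suspicious name so the caller can log
// the hits and abort the install (exit non-zero) when the array is non-empty.
function scanInstallList(names) {
  return names.map((n) => checkTyposquat(n)).filter((hit) => hit !== null);
}

// Demonstration on constructed input: two near-misses and one legitimate name.
for (const hit of scanInstallList(["lodahs", "express", "reakt"])) {
  console.error(`Possible typosquat: ${hit.package} resembles ${hit.likelyTarget} (distance ${hit.distance})`);
}
```

Wire `scanInstallList` into the `preinstall` script in package.json and fail the step when it returns hits; a "lodash-es"-style legitimate variant sits at distance 3 and passes, while "lodahs" (distance 2) is stopped.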