Expand description
Checks and a harness to detect potential typosquatting in a package repository.
This is ported from typogard, originally by a team led by Matthew Taylor at the
University of Kansas and published alongside the Defending Against Package
Typosquatting paper, and adapted by Dan Gardner for crates.io
specifically.
Theory of operation
Given a Corpus of popular packages, the checks in the checks module allow new or
interesting packages to be matched against that corpus to look for common typosquatting
techniques. Custom checks may also be written by implementing checks::Check; custom checks
should use checks::Squat::Custom when returning potential typosquats.
A Harness is provided that can be used to run a suite of checks against a single package,
or — when the rayon feature is enabled — against many packages at once in parallel.
Checks and corpora both use instances of Package, which provides a basic lowest common
denominator representation of ecosystem-specific packages. Users are expected to implement
Package (and the related AuthorSet) on their native package type for analysis.
Tracing
Potentially expensive operations are traced using tracing at the TRACE level, except for
Harness::check, which is traced at the DEBUG level.
Re-exports
pub use corpus::Corpus;
Modules
- Checks provided by typomania, along with the traits and types required to define custom checks.
- The
Corpustrait, and utility functions related to implementing it.
Structs
- A basic harness that runs its configured checks against one or more potentially typosquatted packages.
- A builder for
Harness.
Enums
Traits
- Trait that packages must implement to check if they have a particular author.
- Common trait that packages must implement to provide common metadata used by checks and corpora.