Security signals
Stacklok Insight identifies security signals that consumers of open source packages should consider before integrating them into their development lifecycle. A security signal is a heuristic rather than a confirmed vulnerability: it flags a characteristic of a package (for example, missing provenance or a name that closely resembles a well-known project) that is a potential indicator of an unsafe package and warrants review before the package is adopted.
📄️ Provenance
Source of origin and build provenance validation
📄️ Typosquatting
Malicious packages that rely on misspellings and human error
📄️ Starjacking
Hijacking the reputation of a legitimate project