Security signals

Trusty identifies security signals that consumers of open source packages should consider before integrating them into their development lifecycle. Security signals detect weakly defined security characteristics of a package that are a potential indicator of an unsafe package.

📄️ Provenance

Source of origin and build provenance validation

📄️ Typosquatting

Malicious packages that rely on misspellings and human error

📄️ Starjacking

Hijacking the reputation of a legitimate project