Security Checks
The security checks box in the UI gives further details on the following aspects:
- Repository affiliation (Shared Repositories): Indicates whether a package shares its source repository.
- Typosquatting: Indicates whether a package is likely to be a “typosquat.” Typosquatting is the practice in which malicious actors give their packages a name slightly similar to that of a reputable package, with the intention of tricking developers into installing a malicious package.
The box also includes the following details:
- Trusty Score: The overall score of the package.
- Proof of Origin (Provenance): The strength of the link between a published package and its source repository.
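
To illustrate the kind of name-similarity test a typosquatting check relies on, here is an added example; it is not the code behind the UI described on this page, which does not say how the check is implemented. The `POPULAR` list, the function names and the distance threshold are assumptions made for the illustration.

```python
import re

# Constructed sample of well-known package names (assumption); a real check
# would use a registry's most-downloaded list.
POPULAR = {"requests", "numpy", "pandas", "python-dateutil", "urllib3"}

def normalize(name: str) -> str:
    """Lowercase and collapse runs of '-', '_' and '.' (PEP 503 style)."""
    return re.sub(r"[-_.]+", "-", name).lower()

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute and
    swap of two adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent swap
        prev2, prev = prev, cur
    return prev[len(b)]

def typosquat_candidates(name, popular=POPULAR, max_distance=1):
    """Return the popular names that `name` could be imitating, sorted.
    A name that is itself on the popular list is never flagged."""
    norm = normalize(name)
    known = {normalize(p): p for p in popular}
    if norm in known:
        return []
    hits = []
    for p_norm, p in known.items():
        # Separator-insensitive comparison catches 'pythondateutil'.
        same_letters = norm.replace("-", "") == p_norm.replace("-", "")
        if same_letters or osa_distance(norm, p_norm) <= max_distance:
            hits.append(p)
    return sorted(hits)
```

A hit only means the name deserves a closer look: short or legitimately similar names produce false positives, so the result is best combined with the other signals listed above, such as provenance.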