Security Checks

The security checks box on the UI gives further details of the following aspects

• Repository affiliation (Shared Repositories): Indicates whether a package shares its source repository.
• Typosquatting: Indicates whether a package is likely to be a “typosquat,” or the practice of malicious actors who give their packages a slightly similar name to a reputable package, with the intention of tricking developers into installing a malicious package.

There is also detail that includes

• Trusty Score: The overall score of the package.
• Proof of Origin (Provenance): The strength of the link between a published package and its source repository.