Security Checks
Security Checks provides further details on the following aspects:
- Repository affiliation (Shared Repositories): Indicates whether a package shares its source repository.
- Typosquatting: Indicates whether a package is likely to be a “typosquat.” Typosquatting is the practice of malicious actors giving their packages a name slightly similar to that of a reputable package, with the intention of tricking developers into installing a malicious package.
- Vulnerabilities: Indicates whether a package has vulnerabilities as reported by osv.dev.
Additional details include:
- Trusty Score: The overall score of the package.
- Proof of Origin (Provenance): The strength of the link between a published package and its source repository.