Typosquatting attacks take place when bad actors push malicious packages to a registry in the hope of tricking users into installing them. Public software registries, such as npm or PyPI, are examples of ecosystems where we’ve already witnessed such attempts.¹