Dev Ops · n8n
Scan New Dependencies for Typosquatting Attacks
A single typosquatted package name in a pull request can inject malware into your build. Scan new dependencies in PRs against known-good names and flag suspicious near-matches.
difficulty Advancedsetup 35 minresult Typosquatted packages get caught in code review before they ever reach your build — a supply-chain attack blocked.—
- 1
Watch Dependency Changes
Add a
GitHub Triggeron PRs modifying package manifests. - 2
Check the New Packages
Add a step comparing added packages against popular-package names and your known-good list.
- 3
Judge Suspicious Names
Add an
OpenAInode flagging near-misses of popular packages and other red flags. - 4
Flag for Review
Add a
Slacknode surfacing suspicious dependencies to the reviewer. - 5
Activate and Test
Activate the workflow with a typosquat test package. Confirm it's flagged.
Frequently asked questions
Why is this a real threat?
Typosquatting is a documented supply-chain attack vector — a name one letter off can be pure malware.
False positives?
Flag for human review rather than blocking — a reviewer confirms legitimate new dependencies quickly.
About this recipe. Recipes on FlowRecipesHub are written for business owners, not developers, and are tested before publishing — how recipes get made. Some ingredient links are affiliate links that cost you nothing — full disclosure.