Commit 2ed7a76

refactor: Tweak thresholds
BREAKING CHANGE
1 parent fb634a6 commit 2ed7a76

6 files changed

+14
-14
lines changed

README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ In short, `Twyn` protects you against [typosquatting attacks](https://en.wikiped
3535

3636
It works as follows:
3737

38-
1. Either choose to scan the dependencies in a dependencies file you specify (`--dependency-file`) or some dependencies introduced through the CLI (`--dependency`). If no option was provided, it will try to find a dependencies file in your working path. It will try to parse all the supported dependency files that it finds. To know which files are supported head to the [Dependency files](#dependency-files) section.
38+
1. Either choose to scan the dependencies in a dependencies file you specify (`--dependency-file`) or some dependencies introduced through the CLI (`--dependency`). If no option was provided, it will try to find a dependencies file in your working path. It will try to parse all the supported dependency files that it finds. To know which files are supported head to the [Dependency files](#dependency-files) section. You can also provide a `selector-method`, its default value is `first-letter`.
3939
2. If the name of your package name matches with the name of one of the most well known packages, the package is accepted.
4040
3. If the name of your package is similar to the name of one of the most used packages, `Twyn` will prompt an error.
4141
4. If your package name is not in the list of the most known ones and is not similar enough to any of those to be considered misspelled, the package is accepted. `Twyn` assumes that you're using either a not so popular package (therefore it can't verify its legitimacy) or a package created by yourself, therefore unknown for the rest.
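Review bot: In the rewritten step 1, the added last sentence names the option as `selector-method`, while the same step writes the other options as `--dependency-file` and `--dependency`; use `--selector-method` and split the comma splice, for example "You can also pass `--selector-method`; it defaults to `first-letter`." Because the commit is marked BREAKING CHANGE, this step should also state what the new default means for coverage: going by the test comment in tests/trusted_packages/test_trusted_packages.py ("distance is 1, inside threshold, but start with different letter", expecting `[]`), a name that differs from a known package in its first letter is not reported under `first-letter`, and users who want the previous default have to pass `--selector-method all`.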
@@ -69,7 +69,7 @@ docker run elementsinteractive/twyn --help
6969
| `--config` | `str` (path) | Path to configuration file (`twyn.toml` or `pyproject.toml` by default). |
7070
| `--dependency-file` | `str` (path) | Dependency file to analyze. Supported: `requirements.txt`, `poetry.lock`, `uv.lock`, etc. |
7171
| `--dependency` | `str` (multiple allowed) | Dependency to analyze directly. Can be specified multiple times. |
72-
| `--selector-method` | `all`, `first-letter`, `nearby-letter` | Method for selecting possible typosquats. |
72+
| `--selector-method` | `all`, `first-letter`, `nearby-letter`. | Method for selecting possible typosquats. |
7373
| `--package-ecosystem` | `pypi`, `npm` | Package ecosystem for analysis. |
7474
| `-v` | flag | Enable info-level logging. |
7575
| `-vv` | flag | Enable debug-level logging. |
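Review bot: The only change in the `--selector-method` row is a trailing period inside the values cell (`` `nearby-letter`. ``), which no other row in the table has and which reads as an accidental edit. If the intent was to document the new default, say so explicitly in the description column, for example "Method for selecting possible typosquats. Default: `first-letter`."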

src/twyn/base/constants.py

Lines changed: 1 addition & 1 deletion
@@ -31,7 +31,7 @@
3131
}
3232

3333

34-
DEFAULT_SELECTOR_METHOD = "all"
34+
DEFAULT_SELECTOR_METHOD = "first-letter"
3535
DEFAULT_PROJECT_TOML_FILE = "pyproject.toml"
3636
DEFAULT_TWYN_TOML_FILE = "twyn.toml"
3737
DEFAULT_USE_CACHE = True
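Review bot: Changing `DEFAULT_SELECTOR_METHOD` from `"all"` to `"first-letter"` narrows what every run without an explicit selector compares against, yet the constant has no comment and the commit title ("refactor: Tweak thresholds") does not mention the selector at all. Add a short comment next to the constant naming the trade-off (fewer candidates compared, first-letter typos not reported), and describe the default change in the BREAKING CHANGE text so users who rely on the old default know to set `selector_method = "all"` explicitly.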

src/twyn/similarity/algorithm.py

Lines changed: 1 addition & 1 deletion
@@ -11,7 +11,7 @@
1111

1212

1313
class SimilarityThreshold:
14-
LENGTH_CUTOFF = 5
14+
LENGTH_CUTOFF = 10
1515
MIN_VALUE = 1.0
1616
MAX_FOR_SHORT_WORDS = 1.0
1717
MAX_FOR_LONG_WORDS = 2.0
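Review bot: `LENGTH_CUTOFF = 10` has no comment saying what it measures or whether the comparison is inclusive, and nothing in this commit tests the boundary. Judging from the neighbouring `MAX_FOR_SHORT_WORDS = 1.0` and `MAX_FOR_LONG_WORDS = 2.0`, names between the old cutoff of 5 and the new cutoff of 10 now appear to be held to the short-word limit, so distance-2 typos of common short package names stop being reported. Document the unit (characters of the package name) and the inclusive or exclusive rule on the constant, and add tests for names just below, at, and just above the cutoff so the reduced sensitivity is a visible, deliberate choice.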

tests/config/test_config_handler.py

Lines changed: 1 addition & 1 deletion
@@ -33,7 +33,7 @@ def test_no_enforce_file_on_non_existent_file(self, mock_is_file: Mock) -> None:
3333

3434
assert config == TwynConfiguration(
3535
dependency_files=set(),
36-
selector_method="all",
36+
selector_method="first-letter",
3737
allowlist=set(),
3838
source=None,
3939
use_cache=True,
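Review bot: The expected default is repeated here as the string literal `"first-letter"`, and the same literal is updated by hand in tests/main/test_main.py. Either import `DEFAULT_SELECTOR_METHOD` from `twyn.base.constants` in the expectation so the tests follow the constant, or, if the literal is meant to pin the default against accidental changes, add a one-line comment saying so.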

tests/main/test_main.py

Lines changed: 3 additions & 3 deletions
@@ -35,7 +35,7 @@ class TestCheckDependencies:
3535
[
3636
(
3737
{
38-
"selector_method": "first-letter",
38+
"selector_method": "all",
3939
"dependency_file": {"requirements.txt"},
4040
"use_cache": True,
4141
"pypi_reference": "https://myurl.com",
@@ -51,7 +51,7 @@ class TestCheckDependencies:
5151
},
5252
TwynConfiguration(
5353
dependency_files={"requirements.txt"},
54-
selector_method="first-letter",
54+
selector_method="all",
5555
allowlist={"boto4", "boto2"},
5656
source=TopPyPiReference.DEFAULT_SOURCE,
5757
use_cache=True,
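Review bot: The explicit-value case is switched from `"first-letter"` to `"all"` here and in the input dict of the previous hunk, presumably so that the value passed in still differs from the new default, but the reason is not stated anywhere. Add a comment on the parametrized case (for example "non-default selector, must override DEFAULT_SELECTOR_METHOD"), otherwise the next default change can leave this test passing on the default value without exercising the override path.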
@@ -84,7 +84,7 @@ class TestCheckDependencies:
8484
{},
8585
TwynConfiguration(
8686
dependency_files=set(),
87-
selector_method="all",
87+
selector_method="first-letter",
8888
allowlist=set(),
8989
source=TopPyPiReference.DEFAULT_SOURCE,
9090
use_cache=True,

tests/trusted_packages/test_trusted_packages.py

Lines changed: 6 additions & 6 deletions
@@ -71,10 +71,10 @@ def test_tree_representation(self):
7171
[],
7272
), # distance is 1, inside threshold, but start with different letter
7373
(
74-
"abcdef",
75-
{"abcdefgh"},
74+
"abcdefghijklm",
75+
{"abcdefghijklmn"},
7676
FirstLetterExact(),
77-
["abcdefgh"],
77+
["abcdefghijklmn"],
7878
), # distance is 2, inside threshold (because it's a longer word)
7979
# Nearby letters
8080
(
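Review bot: The new pair `"abcdefghijklm"` and `"abcdefghijklmn"` differs by one appended character, so its edit distance is 1, while the unchanged trailing comment still says "distance is 2, inside threshold (because it's a longer word)". The replaced pair (`"abcdef"` and `"abcdefgh"`) really was at distance 2; the new one would pass even if the long-word limit were 1.0, so the `MAX_FOR_LONG_WORDS` path is no longer covered by this case. Use a candidate that is two edits away (for example `"abcdefghijklmno"`) or correct the comment and add a separate distance-2 case.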
@@ -96,10 +96,10 @@ def test_tree_representation(self):
9696
["numpy"],
9797
), # distance is 1, inside threshold. First letter is changed and nearby
9898
(
99-
"mumpyy",
100-
{"numpy"},
99+
"abcdefghijklm",
100+
{"sbcdefghijklm"},
101101
FirstLetterNearbyInKeyboard(),
102-
["numpy"],
102+
["sbcdefghijklm"],
103103
), # distance is 2, inside threshold. First letter is changed and nearby
104104
(
105105
"rest_framework",

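Review bot: In the `FirstLetterNearbyInKeyboard` case, `"abcdefghijklm"` and `"sbcdefghijklm"` differ only in the first letter, which is distance 1, but the unchanged comment still reads "distance is 2, inside threshold. First letter is changed and nearby". The removed pair (`"mumpyy"` and `"numpy"`) combined a first-letter substitution with an extra character; the new one duplicates the preceding distance-1 case and no longer checks the distance-2 limit for long names. Add a second edit to the candidate (for example `"sbcdefghijklmm"`), and keep `"mumpyy"` against `{"numpy"}` as a case with the expected result under the new `LENGTH_CUTOFF`, so the change in what gets reported for short names is asserted rather than dropped.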