diff --git a/README.md b/README.md
index 0feedf1..315955c 100644
--- a/README.md
+++ b/README.md
@@ -35,7 +35,7 @@ In short, `Twyn` protects you against [typosquatting attacks](https://en.wikiped It works as follows: -1. Either choose to scan the dependencies in a dependencies file you specify (`--dependency-file`) or some dependencies introduced through the CLI (`--dependency`). If no option was provided, it will try to find a dependencies file in your working path. It will try to parse all the supported dependency files that it finds. To know which files are supported head to the [Dependency files](#dependency-files) section. +1. Either choose to scan the dependencies in a dependencies file you specify (`--dependency-file`) or some dependencies introduced through the CLI (`--dependency`). If no option was provided, it will try to find a dependencies file in your working path. It will try to parse all the supported dependency files that it finds. To know which files are supported head to the [Dependency files](#dependency-files) section. You can also provide a `selector-method`, its default value is `first-letter`. 2. If the name of your package name matches with the name of one of the most well known packages, the package is accepted. 3. If the name of your package is similar to the name of one of the most used packages, `Twyn` will prompt an error. 4. If your package name is not in the list of the most known ones and is not similar enough to any of those to be considered misspelled, the package is accepted. `Twyn` assumes that you're using either a not so popular package (therefore it can't verify its legitimacy) or a package created by yourself, therefore unknown for the rest. 
@@ -69,7 +69,7 @@ docker run elementsinteractive/twyn --help | `--config` | `str` (path) | Path to configuration file (`twyn.toml` or `pyproject.toml` by default). | | `--dependency-file` | `str` (path) | Dependency file to analyze. Supported: `requirements.txt`, `poetry.lock`, `uv.lock`, etc. | | `--dependency` | `str` (multiple allowed) | Dependency to analyze directly. Can be specified multiple times. | -| `--selector-method` | `all`, `first-letter`, `nearby-letter` | Method for selecting possible typosquats. | +| `--selector-method` | `all`, `first-letter`, `nearby-letter`. | Method for selecting possible typosquats. | | `--package-ecosystem` | `pypi`, `npm` | Package ecosystem for analysis. | | `-v` | flag | Enable info-level logging. | | `-vv` | flag | Enable debug-level logging. |
diff --git a/src/twyn/base/constants.py b/src/twyn/base/constants.py
index 16cd161..a51bfef 100644
--- a/src/twyn/base/constants.py
+++ b/src/twyn/base/constants.py
@@ -31,7 +31,7 @@ } -DEFAULT_SELECTOR_METHOD = "all" +DEFAULT_SELECTOR_METHOD = "first-letter" DEFAULT_PROJECT_TOML_FILE = "pyproject.toml" DEFAULT_TWYN_TOML_FILE = "twyn.toml" DEFAULT_USE_CACHE = True
diff --git a/src/twyn/similarity/algorithm.py b/src/twyn/similarity/algorithm.py
index 659f9dd..6213430 100644
--- a/src/twyn/similarity/algorithm.py
+++ b/src/twyn/similarity/algorithm.py
@@ -11,7 +11,7 @@ class SimilarityThreshold: - LENGTH_CUTOFF = 5 + LENGTH_CUTOFF = 10 MIN_VALUE = 1.0 MAX_FOR_SHORT_WORDS = 1.0 MAX_FOR_LONG_WORDS = 2.0
diff --git a/tests/config/test_config_handler.py b/tests/config/test_config_handler.py
index 1b6f0fb..aed3043 100644
--- a/tests/config/test_config_handler.py
+++ b/tests/config/test_config_handler.py
@@ -33,7 +33,7 @@ def test_no_enforce_file_on_non_existent_file(self, mock_is_file: Mock) -> None: assert config == TwynConfiguration( dependency_files=set(), - selector_method="all", + selector_method="first-letter", allowlist=set(), source=None, use_cache=True, 
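Review bot: `DEFAULT_SELECTOR_METHOD` changes from `"all"` to `"first-letter"` with no comment recording the coverage trade-off: under the new default only well-known names sharing the first letter are compared, and the `FirstLetterExact()` case in test_trusted_packages.py whose input starts with a different letter expects `[]`, so a name that differs in its first character is no longer reported unless `--selector-method all` is passed explicitly. The README edits in this commit document the new default value but not this narrowing. Suggest annotating the constant in constants.py: `# Narrower than "all": only well-known names with the same first letter are compared, so first-character differences are not reported under the default; pass --selector-method all for full coverage.`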
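Review bot: `LENGTH_CUTOFF` is raised from 5 to 10 in algorithm.py without a comment on what the constant gates, and the comparison that uses it lies outside the hunk, so a reader cannot tell whether a ten-character name is treated as short (`MAX_FOR_SHORT_WORDS = 1.0`) or long (`MAX_FOR_LONG_WORDS = 2.0`). The visible effect is that two-edit variants of names below the cutoff stop being reported, which is why the `abcdef`/`abcdefgh` test case in this commit had to be lengthened; the README edits do not mention that reduction in what gets flagged. Suggest a comment above the constant such as `# Names up to this length may differ by at most MAX_FOR_SHORT_WORDS edits; longer names by MAX_FOR_LONG_WORDS.`, with "up to" adjusted to match the actual comparison, plus one line stating the reason for 5 -> 10, which the commit does not give. The `SimilarityThreshold` class body continues outside the hunk.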
diff --git a/tests/main/test_main.py b/tests/main/test_main.py
index 6affd84..174f041 100644
--- a/tests/main/test_main.py
+++ b/tests/main/test_main.py
@@ -35,7 +35,7 @@ class TestCheckDependencies: [ ( { - "selector_method": "first-letter", + "selector_method": "all", "dependency_file": {"requirements.txt"}, "use_cache": True, "pypi_reference": "https://myurl.com",
@@ -51,7 +51,7 @@ class TestCheckDependencies: }, TwynConfiguration( dependency_files={"requirements.txt"}, - selector_method="first-letter", + selector_method="all", allowlist={"boto4", "boto2"}, source=TopPyPiReference.DEFAULT_SOURCE, use_cache=True,
@@ -84,7 +84,7 @@ class TestCheckDependencies: {}, TwynConfiguration( dependency_files=set(), - selector_method="all", + selector_method="first-letter", allowlist=set(), source=TopPyPiReference.DEFAULT_SOURCE, use_cache=True,
diff --git a/tests/trusted_packages/test_trusted_packages.py b/tests/trusted_packages/test_trusted_packages.py
index 1b9db3d..6de88bd 100644
--- a/tests/trusted_packages/test_trusted_packages.py
+++ b/tests/trusted_packages/test_trusted_packages.py
@@ -71,10 +71,10 @@ def test_tree_representation(self): [], ), # distance is 1, inside threshold, but start with different letter ( - "abcdef", - {"abcdefgh"}, + "abcdefghijklm", + {"abcdefghijklmn"}, FirstLetterExact(), - ["abcdefgh"], + ["abcdefghijklmn"], ), # distance is 2, inside threshold (because it's a longer word) # Nearby letters (
@@ -96,10 +96,10 @@ def test_tree_representation(self): ["numpy"], ), # distance is 1, inside threshold. First letter is changed and nearby ( - "mumpyy", - {"numpy"}, + "abcdefghijklm", + {"sbcdefghijklm"}, FirstLetterNearbyInKeyboard(), - ["numpy"], + ["sbcdefghijklm"], ), # distance is 2, inside threshold. First letter is changed and nearby ( "rest_framework",
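Review bot: The replacement inputs no longer have the edit distance their comments claim, in both hunks of test_trusted_packages.py: `"abcdefghijklm"` vs `"abcdefghijklmn"` is a single insertion and `"abcdefghijklm"` vs `"sbcdefghijklm"` is a single substitution, yet each case still ends with `# distance is 2, inside threshold ...`. A distance of 1 is accepted for short names too (`MAX_FOR_SHORT_WORDS = 1.0` in the same commit), so these cases no longer exercise the long-word branch that the raised `LENGTH_CUTOFF` changes, and the tests would pass even if that branch regressed. Suggest keeping the two-edit shape of the original pairs, e.g. `{"abcdefghijklmno"}` / `["abcdefghijklmno"]` in the first hunk and `{"sbcdefghijklmn"}` / `["sbcdefghijklmn"]` in the second (constructed values), assuming names of this length fall on the long side of the cutoff as the original cases did. The parametrize list these entries belong to starts and ends outside the hunks.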