Closed
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -35,7 +35,7 @@ In short, `Twyn` protects you against [typosquatting attacks](https://en.wikiped

It works as follows:

1. Either choose to scan the dependencies in a dependencies file you specify (`--dependency-file`) or some dependencies introduced through the CLI (`--dependency`). If no option was provided, it will try to find a dependencies file in your working path. It will try to parse all the supported dependency files that it finds. To know which files are supported head to the [Dependency files](#dependency-files) section.
1. Either choose to scan the dependencies in a dependencies file you specify (`--dependency-file`) or some dependencies introduced through the CLI (`--dependency`). If no option was provided, it will try to find a dependencies file in your working path. It will try to parse all the supported dependency files that it finds. To know which files are supported head to the [Dependency files](#dependency-files) section. You can also provide a `selector-method`, its default value is `first-letter`.
2. If the name of your package name matches with the name of one of the most well known packages, the package is accepted.
3. If the name of your package is similar to the name of one of the most used packages, `Twyn` will prompt an error.
4. If your package name is not in the list of the most known ones and is not similar enough to any of those to be considered misspelled, the package is accepted. `Twyn` assumes that you're using either a not so popular package (therefore it can't verify its legitimacy) or a package created by yourself, therefore unknown for the rest.
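Review bot: the sentence appended to step 1, "You can also provide a `selector-method`, its default value is `first-letter`.", is a comma splice and names the option without the `--` prefix that every other option in this list carries (`--dependency-file`, `--dependency`), so a reader cannot tell whether it is a CLI flag or a config key. Suggest: "You can also choose how candidate typosquats are selected with `--selector-method` (default: `first-letter`)." Because this PR also moves the default from `all` to `first-letter`, the README should say what that narrows: per the `FirstLetterExact` case in tests/trusted_packages/test_trusted_packages.py ("distance is 1, inside threshold, but start with different letter" expecting `[]`), a misspelling in the first letter is not reported under the default, so users who want that coverage need `--selector-method all`.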
Expand Down Expand Up @@ -69,7 +69,7 @@ docker run elementsinteractive/twyn --help
| `--config` | `str` (path) | Path to configuration file (`twyn.toml` or `pyproject.toml` by default). |
| `--dependency-file` | `str` (path) | Dependency file to analyze. Supported: `requirements.txt`, `poetry.lock`, `uv.lock`, etc. |
| `--dependency` | `str` (multiple allowed) | Dependency to analyze directly. Can be specified multiple times. |
| `--selector-method` | `all`, `first-letter`, `nearby-letter` | Method for selecting possible typosquats. |
| `--selector-method` | `all`, `first-letter`, `nearby-letter`. | Method for selecting possible typosquats. |
| `--package-ecosystem` | `pypi`, `npm` | Package ecosystem for analysis. |
| `-v` | flag | Enable info-level logging. |
| `-vv` | flag | Enable debug-level logging. |
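Review bot: the only change in this hunk is a trailing period added inside the `--selector-method` value cell (`all`, `first-letter`, `nearby-letter`.), which no other row of the table has and which reads as part of the last value; drop it. If the intent was to document the new default, do it the way the `--config` row does, e.g. "Method for selecting possible typosquats (default: `first-letter`)."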
2 changes: 1 addition & 1 deletion src/twyn/base/constants.py
Expand Up @@ -31,7 +31,7 @@
}


DEFAULT_SELECTOR_METHOD = "all"
DEFAULT_SELECTOR_METHOD = "first-letter"
DEFAULT_PROJECT_TOML_FILE = "pyproject.toml"
DEFAULT_TWYN_TOML_FILE = "twyn.toml"
DEFAULT_USE_CACHE = True
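Review bot: changing `DEFAULT_SELECTOR_METHOD` from `"all"` to `"first-letter"` is a user-visible behaviour change, not a refactor: under the new default a dependency whose misspelling is in the first letter is no longer reported (the `FirstLetterExact` case in tests/trusted_packages/test_trusted_packages.py expects `[]` for "distance is 1, inside threshold, but start with different letter"). That deserves a changelog entry and a line in the commit message stating the trade-off (presumably fewer false positives at the cost of missing first-letter swaps), and ideally a version bump, and it should land separately from the unrelated `LENGTH_CUTOFF` tuning in src/twyn/similarity/algorithm.py so each can be reverted on its own.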
2 changes: 1 addition & 1 deletion src/twyn/similarity/algorithm.py
Expand Up @@ -11,7 +11,7 @@


class SimilarityThreshold:
LENGTH_CUTOFF = 5
LENGTH_CUTOFF = 10
MIN_VALUE = 1.0
MAX_FOR_SHORT_WORDS = 1.0
MAX_FOR_LONG_WORDS = 2.0
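Review bot: raising `LENGTH_CUTOFF` from 5 to 10 puts names of length 5 to 9 under `MAX_FOR_SHORT_WORDS = 1.0`, so a distance-2 typo of such a package (the deleted `"mumpyy"` vs `"numpy"` case in tests/trusted_packages/test_trusted_packages.py, which this PR had to replace with 13-character names) is no longer flagged. Whether the cutoff itself counts as short or long is not visible in this hunk; a boundary test at lengths 9, 10 and 11 would pin that down. The reason for choosing 10 (observed false positives on common 6 to 9 letter names?) belongs in the commit message or in a comment on the constant, and since this tuning is independent of the selector-method default change it would be cleaner as its own PR.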
2 changes: 1 addition & 1 deletion tests/config/test_config_handler.py
Expand Up @@ -33,7 +33,7 @@ def test_no_enforce_file_on_non_existent_file(self, mock_is_file: Mock) -> None:

assert config == TwynConfiguration(
dependency_files=set(),
selector_method="all",
selector_method="first-letter",
allowlist=set(),
source=None,
use_cache=True,
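Review bot: the expected `selector_method="first-letter"` duplicates the literal from src/twyn/base/constants.py, and the same duplication is updated again in tests/main/test_main.py. Pinning the literal is fine as a guard against an accidental change of the default, but say so in a comment; otherwise the next person will "fix" the repetition by importing `DEFAULT_SELECTOR_METHOD` and the guard silently disappears. If no guard is intended, compare against the constant so there is one source of truth.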
6 changes: 3 additions & 3 deletions tests/main/test_main.py
Expand Up @@ -35,7 +35,7 @@ class TestCheckDependencies:
[
(
{
"selector_method": "first-letter",
"selector_method": "all",
"dependency_file": {"requirements.txt"},
"use_cache": True,
"pypi_reference": "https://myurl.com",
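Review bot: flipping the explicit config's `"selector_method"` from `"first-letter"` to `"all"` is necessary so that the configured value still differs from the new default; had it stayed at `"first-letter"`, this case would pass even if the setting were ignored. Add a comment stating that the value is deliberately chosen to differ from `DEFAULT_SELECTOR_METHOD`, so the next change of the default keeps that distinction intact.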
Expand All @@ -51,7 +51,7 @@ class TestCheckDependencies:
},
TwynConfiguration(
dependency_files={"requirements.txt"},
selector_method="first-letter",
selector_method="all",
allowlist={"boto4", "boto2"},
source=TopPyPiReference.DEFAULT_SOURCE,
use_cache=True,
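Review bot: the expected `selector_method="all"` must stay in step with the input dict in the previous hunk (`"selector_method": "all"`), and nothing in the test enforces that pairing; a short inline comment tying the two together, or an assertion that the expected value differs from `DEFAULT_SELECTOR_METHOD`, would make the intent explicit.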
Expand Down Expand Up @@ -84,7 +84,7 @@ class TestCheckDependencies:
{},
TwynConfiguration(
dependency_files=set(),
selector_method="all",
selector_method="first-letter",
allowlist=set(),
source=TopPyPiReference.DEFAULT_SOURCE,
use_cache=True,
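Review bot: this is the empty-config (`{}`) fallback case, so `selector_method="first-letter"` is the new default being asserted; same point as in tests/config/test_config_handler.py: either reference `DEFAULT_SELECTOR_METHOD` or comment that the literal is intentionally hard-coded as a regression guard, so the three copies of this literal across the test suite are recognisably deliberate.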
12 changes: 6 additions & 6 deletions tests/trusted_packages/test_trusted_packages.py
Expand Up @@ -71,10 +71,10 @@ def test_tree_representation(self):
[],
), # distance is 1, inside threshold, but start with different letter
(
"abcdef",
{"abcdefgh"},
"abcdefghijklm",
{"abcdefghijklmn"},
FirstLetterExact(),
["abcdefgh"],
["abcdefghijklmn"],
), # distance is 2, inside threshold (because it's a longer word)
# Nearby letters
(
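Review bot: the replacement case `"abcdefghijklm"` vs `{"abcdefghijklmn"}` has edit distance 1 (a single appended `n`), not 2 as the unchanged trailing comment "distance is 2, inside threshold (because it's a longer word)" claims, whereas the deleted `"abcdef"` vs `{"abcdefgh"}` really was distance 2. At distance 1 the case is also inside `MAX_FOR_SHORT_WORDS`, so it no longer proves that long names get the larger `MAX_FOR_LONG_WORDS` allowance. Use a distance-2 candidate, e.g. `{"abcdefghijklmno"}`, so the comment stays true and the long-word branch stays covered.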
Expand All @@ -96,10 +96,10 @@ def test_tree_representation(self):
["numpy"],
), # distance is 1, inside threshold. First letter is changed and nearby
(
"mumpyy",
{"numpy"},
"abcdefghijklm",
{"sbcdefghijklm"},
FirstLetterNearbyInKeyboard(),
["numpy"],
["sbcdefghijklm"],
), # distance is 2, inside threshold. First letter is changed and nearby
(
"rest_framework",
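Review bot: same problem in this hunk: `"abcdefghijklm"` vs `{"sbcdefghijklm"}` is a single first-letter substitution (distance 1), but the comment still says "distance is 2", and the case directly above already covers distance 1 with a nearby first letter (expecting `["numpy"]`). The deleted `"mumpyy"` vs `{"numpy"}` was genuinely distance 2 (the `m`/`n` substitution plus the extra `y`). To keep distance-2 coverage for `FirstLetterNearbyInKeyboard` under the new cutoff, pair the nearby first-letter swap with one more edit, e.g. `"abcdefghijklmx"` vs `{"sbcdefghijklm"}`.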