lint: fix typos

Signed-off-by: Mike Fiedler <[email protected]>

Author: miketheman

docs/blog/posts/2023-09-18-inbound-malware-reporting.md

@@ -134,7 +134,7 @@ Again, since the nature of email isn't 100% accurate in this case,
 we'll rely on calculating the duration of time (in minutes)
 between the first message of a thread and the last message of a thread.
 This doesn't account for the occasional behavior of a reporter
-re-using the same thread to report more packages,
+reusing the same thread to report more packages,
 nor does it reflect any other back-and-forth communication
 between admins and reporters.
 As such, removing any threads that have more than 4 total messages

docs/blog/posts/2024-11-14-pypi-now-supports-digital-attestations.md

@@ -96,7 +96,7 @@ tools was performed by [Trail of Bits], with special thanks to contributors
 Thanks to the the [Sigstore project] for their work popularizing identity-based signing, hosting a public-good transparency log, and continued support of the [Python client for Sigstore].
 
 Many thanks to [Sviatoslav Sydorenko] as well for his support and ongoing
-maintenence of the [pypa/gh-action-pypi-publish] action, as well his support
+maintenance of the [pypa/gh-action-pypi-publish] action, as well his support
 for implementing PEP 740 in the action.
 
 ---

docs/blog/posts/2024-12-11-ultralytics-attack-analysis.md

@@ -55,7 +55,7 @@ If you are publishing software to PyPI then you can harden your build and publis
 In addition to the specific recommendations above, we strongly recommend general account security best practices such as:
 
 * **Use 2FA / MFA, preferably using a hardware key or authenticator app for all accounts associated with open source contributions.** This includes your email address and accounts for source forge(s) like GitHub or GitLab. Avoid SMS and text-message-based 2FA schemes if possible, as they are susceptible to SIM-swapping. PyPI already requires the use of 2FA to publish packages.
-* **Don’t reuse passwords, use a password manager.** Re-using passwords for services means that a compromise to one service will compromise your account(s) elsewhere.
+* **Don’t reuse passwords, use a password manager.** Reusing passwords for services means that a compromise to one service will compromise your account(s) elsewhere.
 
 Prevention is important, but just as important is preparedness. Here’s what to do if your own project is compromised:
 

docs/blog/posts/2025-08-14-project-status-markers.md

@@ -121,7 +121,7 @@ which have both index-side and installer-side semantics:
   will not offer it for installation, and installers are encouraged to
   produce a warning when users attempt to install it[^warning].
 * **deprecated**: Indicates that the project is considered obsolete,
-  and may have been superceded by another project. Unlike archived projects,
+  and may have been superseded by another project. Unlike archived projects,
   deprecated projects can still be uploaded to, but installers are encouraged
   to inform users about the project's deprecation.
 

docs/dev/development/getting-started.rst

@@ -411,7 +411,7 @@ we have a common Key set in the database for those users:
 This will emit a 6-digit code you can paste into the 2FA form.
 
 For other accounts, you'll need to preserve the Key used
-to genreate the TOTP code the next time you need to log in.
+to generate the TOTP code the next time you need to log in.
 
 To be able to "forget" the initial Key, and use it like a TOTP app,
 create a storage and set a password, like so:

docs/dev/development/token-scanning.rst

@@ -13,7 +13,7 @@ How to test it manually
 ^^^^^^^^^^^^^^^^^^^^^^^
 
 A fake token reporting service is launched by Docker Compose. Head your browser to
-``http://localhost:8964``. Create/reorder/... one ore more public keys, make
+``http://localhost:8964``. Create/reorder/... one or more public keys, make
 sure one key is marked as current, then write your payload, using the following
 format:
 

docs/user/api/index.md

@@ -97,7 +97,7 @@ def wheel_url(name, version, build_tag, python_tag, abi_tag, platform_tag):
     return f'{host}/packages/{python_tag}/{name[0]}/{name}/{filename}'
 ```
 
-Example predicable URL use:
+Example predictable URL use:
 
 ```bash
 $ curl -I https://files.pythonhosted.org/packages/source/v/virtualenv/virtualenv-15.2.0.tar.gz

docs/user/trusted-publishers/troubleshooting.md

@@ -60,7 +60,7 @@ endpoint:
   as configured when the publisher was configured on PyPI.
 * `invalid-publisher` for a previously-working project: this usually indicates
   a typo or that something has changed on either side. One example we've seen
-  is when a source repository is renamed, and the configration on PyPI
+  is when a source repository is renamed, and the configuration on PyPI
   continues to use the old repository name. For GitHub, check that the
   `repository_owner`, `repository` and workflow filename values are the same on
   both sides.

tests/conftest.py

@@ -687,7 +687,7 @@ def xmlrpc(self, path, method, *args):
 
 @pytest.fixture
 def tm():
-    # Create a new transaction manager for dependant test cases
+    # Create a new transaction manager for dependent test cases
     tm = transaction.TransactionManager(explicit=True)
     tm.begin()
 

tests/frontend/delete_confirm_controller_test.js

@@ -31,7 +31,7 @@ describe("DeleteConfirm controller", () => {
 
   describe("functionality", function() {
     describe("checking one box", function() {
-      it("doesnt enable the button", function() {
+      it("doesn't enable the button", function() {
         const inputOne = document.getElementById("input-one");
         expect(inputOne).not.toBeChecked();
         fireEvent.click(inputOne);