feat: add typosquatting analyzer for go modules

DataDog / guarddog

:snake: :mag: GuardDog is a CLI tool to Identify malicious PyPI and npm packages

Apache License 2.0

628 stars 44 forks source link

Closed bthuilot closed 2 weeks ago

bthuilot commented 1 month ago

Adds typosquatting analyzer for go modules
Adds top_go_packages.json which contains top ~3000 go modules
- List was gathered by searching for go.mod files on GitHub with more than 50 stars
- Parsed the go.mod files and counted the amount of each pacakge used, then took all packages used in more than 10 repos

sobregosodd commented 1 month ago

which contains top 500 go modules

@bthuilot mind that we are using about 8k packages in other ecosystems for this detection