PROBABLY_PENTEST (1) campaign cataloged on 2026-02-12 (2).
1. Packages that look like typical pentest packages, as well as anything that looks like testing, exploration of pre-prepared kits, research and the like, with clearly low-harm potential.
2. This is only the date the catalog entry was created. It may not reflect the date the campaign itself was created.
GENERIC-local-typosquatting
Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file.
Abuse categories
dependency-confusion
An attempt to exploit dependency confusion.
override_install
The package overrides the install command in setup.py to execute malicious code during installation.
typosquatting
The package name is a typosquatting variant of a popular package.