Show HN: Tool for spotting npm typosquatting

2 points by dankent 7 years ago | 2 comments
  • dankent 7 years ago
    Following the earlier discussion (https://news.ycombinator.com/item?id=14901566) about the malicious crossenv package, I've knocked together a quick tool that might help to spot such typosquatting:

    https://www.npmjs.com/package/check-typosquatters

    (It's the first time I've published anything to npm so let me know if I have done anything wrong...)

    It uses the list of package names from the all-the-package-names package and returns the 10 packages with the most similar names to the supplied parameter (using Levenshtein distance).

    It also displays their rank based on dependent packages to give an idea of how they compare in usage.

    It uses a package of package names that is updated daily.

    Could a tool like this help to avoid installing a typosquatting package rather than the intended one?

    I wonder whether a wrapper for npm install that warns if there is a higher ranked package within a small Levenshtein distance might be more useful.

    • fiatjaf 7 years ago
      nice tool please download and install https://www.npmjs.com/package/check-typosquaters very good

      (Just kidding.)
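The similarity check dankent describes (Levenshtein distance over the registry's package names, top-k results ranked by dependent count) and the pre-install warning wrapper suggested at the end of the post, as an added worked example. This is illustrative code written for this page, not the check-typosquatters package's own source; the package list and dependent counts are constructed sample data, not real npm figures, and the function names are made up here.

```javascript
// Added example, not code from the check-typosquatters package.
// CONSTRUCTED sample registry: names and dependent counts are made up for
// the demo and are not real npm data. A real tool would load the list from
// the all-the-package-names package or the registry itself.
const SAMPLE_REGISTRY = [
  { name: 'cross-env', dependents: 15000 },
  { name: 'crossenv', dependents: 3 },      // lookalike of cross-env
  { name: 'cross-env.js', dependents: 1 },
  { name: 'lodash', dependents: 90000 },
  { name: 'lodahs', dependents: 0 },        // transposed letters
  { name: 'express', dependents: 50000 },
  { name: 'expres', dependents: 2 },        // dropped letter
  { name: 'react', dependents: 70000 },
];

// Classic dynamic-programming Levenshtein distance: insertion, deletion and
// substitution each cost 1. Two rows of the table are enough.
function levenshtein(a, b) {
  if (a === b) return 0;
  if (a.length === 0) return b.length;
  if (b.length === 0) return a.length;
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(
        prev[j] + 1,        // delete a[i-1]
        cur[j - 1] + 1,     // insert b[j-1]
        prev[j - 1] + cost  // substitute (or match)
      );
    }
    prev = cur;
  }
  return prev[b.length];
}

// Rank packages by dependent count (1 = most depended upon) as a usage proxy,
// mirroring the "rank based on dependent packages" shown by the tool.
function rankByDependents(registry) {
  const sorted = [...registry].sort((x, y) => y.dependents - x.dependents);
  const rank = new Map();
  sorted.forEach((p, i) => rank.set(p.name, i + 1));
  return rank;
}

// The k package names closest to `query` by edit distance, closest first,
// ties broken by popularity, each annotated with its rank.
function findSimilar(query, registry, k = 10) {
  const rank = rankByDependents(registry);
  return registry
    .filter((p) => p.name !== query)
    .map((p) => ({
      name: p.name,
      distance: levenshtein(query, p.name),
      rank: rank.get(p.name),
    }))
    .sort((x, y) => x.distance - y.distance || x.rank - y.rank)
    .slice(0, k);
}

// The "npm install wrapper" idea: before installing `query`, look for a
// better-ranked package within `maxDistance` edits. Returns null when nothing
// looks suspicious, otherwise the most popular close neighbour so the caller
// can print "did you mean ...?" and refuse to proceed without confirmation.
// A name absent from the registry ranks last, so any close, known, popular
// package will be flagged.
function checkBeforeInstall(query, registry, maxDistance = 2) {
  const rank = rankByDependents(registry);
  const queryRank = rank.has(query) ? rank.get(query) : Infinity;
  const suspects = findSimilar(query, registry, registry.length)
    .filter((p) => p.distance <= maxDistance && p.rank < queryRank)
    .sort((x, y) => x.rank - y.rank);
  return suspects.length ? suspects[0] : null;
}

// Stand-alone demo; in a wrapper, `query` would come from the npm install argv.
for (const pkg of ['crossenv', 'cross-env', 'lodahs', 'left-pad']) {
  const hit = checkBeforeInstall(pkg, SAMPLE_REGISTRY);
  console.log(pkg, '->', hit ? `WARNING: did you mean ${hit.name} (rank ${hit.rank})?` : 'ok');
}

module.exports = { levenshtein, rankByDependents, findSimilar, checkBeforeInstall, SAMPLE_REGISTRY };
```

Note that the check is deliberately asymmetric: installing the popular name (`cross-env`) passes even though `crossenv` is one edit away, because the neighbour is ranked lower; only the unpopular lookalike triggers the warning. A distance threshold of 2 catches the common typo classes (dropped or doubled character, missing hyphen, transposition) without flagging every short name against every other short name, but scoped-package prefixes and very short names still need care in a real tool.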