feat(llm-security): v7.0.0 commit 4 — typosquat allowlist for short legit names

Hyperframes scan flagged knip vs knex, oxlint vs eslint, tsx vs nx, rimraf vs trim as HIGH typosquats. All four are legitimate top-1000 npm packages; short names just happen to be within Levenshtein ≤2 of other top packages. These shouldn't generate HIGH severity on a clean install. Added to npm allowlist: knip, oxlint, tsx, nx, rimraf, glob, tar, zod, ky, ow, esm, ip, qs, url, prettier, vitest, vite, rollup, swc, turbo, bun, deno. Added to pypi allowlist: uv, ruff, rich, typer, anyio. Dep-auditor normalization (lowercase + [_.-] → -) already applied at load time. dep.test.mjs: 11/11 still green — lodsah→lodash detection preserved. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-19 22:03:46 +02:00 · 2026-04-19 22:03:46 +02:00 · 4c982dfb88
commit 4c982dfb88
parent a9e377570c
1 changed files with 30 additions and 3 deletions
--- a/plugins/llm-security/knowledge/typosquat-allowlist.json
+++ b/plugins/llm-security/knowledge/typosquat-allowlist.json
@ -1,5 +1,5 @@
 {
-  "_comment": "Known legitimate packages that trigger false positive typosquatting alerts due to short names or Levenshtein proximity to top packages. Normalized: lowercase, hyphens.",
+  "_comment": "Known legitimate packages that trigger false positive typosquatting alerts due to short names or Levenshtein proximity to top packages. Normalized: lowercase, hyphens. Extended in v7.0.0 with short-named legit packages observed flagged against top-200 (knip vs knex, oxlint vs eslint, tsx vs nx, etc.).",
  "npm": [
    "ms",
    "acorn",
@ -20,7 +20,29 @@
    "keyv",
    "punycode",
    "escalade",
-    "fdir"
+    "fdir",
+    "knip",
+    "oxlint",
+    "tsx",
+    "nx",
+    "rimraf",
+    "glob",
+    "tar",
+    "zod",
+    "ky",
+    "ow",
+    "esm",
+    "ip",
+    "qs",
+    "url",
+    "prettier",
+    "vitest",
+    "vite",
+    "rollup",
+    "swc",
+    "turbo",
+    "bun",
+    "deno"
  ],
  "pypi": [
    "six",
@ -30,6 +52,11 @@
    "idna",
    "attrs",
    "boto",
-    "jedi"
+    "jedi",
+    "uv",
+    "ruff",
+    "rich",
+    "typer",
+    "anyio"
  ]
 }