{ "_comment": "Known legitimate packages that trigger false positive typosquatting alerts due to short names or Levenshtein proximity to top packages. Normalized: lowercase, hyphens.", "npm": [ "ms", "acorn", "levn", "lie", "jsesc", "jiti", "bidi-js", "@babel/core", "preact", "esbuild", "tslib", "nanoid", "picocolors", "lru-cache", "deep-is", "flat-cache", "keyv", "punycode", "escalade", "fdir" ], "pypi": [ "six", "pip", "pytz", "toml", "idna", "attrs", "boto", "jedi" ] }