repojacking

Rendered from docs/alerts/repojacking.md

Flags signals that a package or its repository/maintainer relationship may be vulnerable to takeover (repojacking).

Implemented in: src/lib/detection/plugins/repojacking.ts
Enabled by default: no (available plugin; enable in the detection service/plugin set)

What it means

The package shows indicators that an attacker could take over a linked repository/namespace and publish malicious updates.

Why it matters

Repojacking is a real-world supply chain vector: attackers exploit abandoned repos, renamed orgs, or broken links to impersonate maintainers.

What to do

  • Verify repository ownership and maintainer identity.
  • Prefer actively maintained packages with verified provenance.
  • Monitor for sudden ownership, repo, or publishing changes.

Common fields

  • metadata may include which repojacking heuristic matched (for example a repository URL that does not match the package's namespace or maintainers, or a repository link that now redirects to a different owner)
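The heuristics listed above, written out as an added example in the project's language; this is not the plugin's own code, and the names `PackageMeta`, `RedirectResolver`, `Signal` and `detectRepojacking` are assumptions. The redirect lookup is injected so the example runs offline against constructed data.

```typescript
// Added example, not the project's plugin: minimal repojacking heuristics over
// package metadata. PackageMeta, RedirectResolver and detectRepojacking are assumed names.
interface PackageMeta {
  name: string;            // registry name, e.g. "@acme/widget" or "widget"
  repositoryUrl?: string;  // package.json "repository" URL, if any
  maintainers: string[];   // registry maintainer logins
}
// Answers "where does owner/repo live today?": a string is the redirect target,
// undefined means no redirect, null means the repository is gone.
type RedirectResolver = (owner: string, repo: string) => string | null | undefined;
interface Signal { heuristic: string; detail: string }

const GITHUB = /github\.com[/:]([A-Za-z0-9_.-]+)\/([A-Za-z0-9_.-]+?)(?:\.git)?\/?$/;

function parseGithubRepo(url: string): { owner: string; repo: string } | null {
  const m = GITHUB.exec(url);
  return m ? { owner: m[1], repo: m[2] } : null;
}

function detectRepojacking(pkg: PackageMeta, resolve: RedirectResolver): Signal[] {
  const out: Signal[] = [];
  if (!pkg.repositoryUrl) {
    out.push({ heuristic: "missing-repo", detail: "no repository URL to verify ownership against" });
    return out;
  }
  const ref = parseGithubRepo(pkg.repositoryUrl);
  if (!ref) return out; // only GitHub links are checked in this example
  const owner = ref.owner.toLowerCase();
  const target = resolve(ref.owner, ref.repo);
  if (target === null) {
    // Deleted/abandoned repo: the old owner/name pair can be re-registered by anyone.
    out.push({ heuristic: "repo-missing", detail: `${ref.owner}/${ref.repo} no longer exists` });
  } else if (target !== undefined && target.split("/")[0].toLowerCase() !== owner) {
    // Renamed org/user: the link still works via redirect, but the old name is claimable.
    out.push({ heuristic: "suspicious-redirect", detail: `${ref.owner}/${ref.repo} -> ${target}` });
  }
  // Scoped package whose repo is owned by neither the scope nor any listed maintainer.
  const scope = pkg.name.startsWith("@") ? pkg.name.slice(1).split("/")[0].toLowerCase() : undefined;
  const maintainers = pkg.maintainers.map((m) => m.toLowerCase());
  if (scope && scope !== owner && !maintainers.includes(owner)) {
    out.push({ heuristic: "repo-url-mismatch", detail: `scope @${scope} vs repo owner ${ref.owner}` });
  }
  return out;
}
```

A real plugin would back `RedirectResolver` with a HEAD request to the repository URL and compare the final location's owner; the signal names here are illustrative, not the plugin's actual metadata values.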