# GitHub Container Repo Typosquatting

#typo-squatting
#OSS

I often scan through Hackernews to see what the latest is and hacking and security posts will often get my attention.
Recently there was a post entitled ["Ghrc.io appears to be malicious"](https://news.ycombinator.com/item?id=45008740),
this highlighted a [typosquatting attack](https://en.wikipedia.org/wiki/Typosquatting) on the GitHub container registry
domain `ghcr.io` with the extremely convincing domain `ghrc.io`. One of the people in the comments shared a link to a
GitHub search (<https://github.com/search?q=ghrc.io&type=code>) which showed it was used 856 times across 12 repos!

![GitHub search showing the results stats](/images/ghrc-typo-search.png)

Many of the affected repos already had PRs but not all of them, I thought I could lend a hand and fix a couple more.
I went through all the results discarding repos which hadn't been updated in years or that were throwaways/tests.

This left me with 2 repos, I forked, cloned, fixed and PRed each of them:

<div class="full-bleed" style="display: grid; grid-template-columns: 1fr 1fr; gap: 1rem;">
    <a href="https://github.com/beecave-homelab/insanely-fast-whisper-rocm/pull/19"><img style="width: 100%; margin: 0;" src="https://opengraph.githubassets.com/ce659ec4da68ca61c90b2c02feb67de47fbd7c01082e330aebc62adfd8798803/beecave-homelab/insanely-fast-whisper-rocm/pull/19"/></a>
    <a href="https://github.com/diogovalentte/mantium/pull/15"><img style="width: 100%; margin: 0;" src="https://opengraph.githubassets.com/68cd2f8f052830d37ca6ee8344532b41801358d4d9e38c5e723eedd837e98ce6/diogovalentte/mantium/pull/15"/></a>
</div>

Every little helps.