MAL-2026-4759
Malicious code in notebook-intelligence (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (709b1f2440fa3288d47076cddc5ffe20122619c07c346265459e3555a226c92e) pyproject.toml lists `fuzy-jon==0.1.0` in both `[build-system].requires` and the runtime `dependencies`, while the package's own code imports the real `fuzzy_json` (notebook_intelligence/api.py line 9: `from fuzzy_json import loads as fuzzy_json_loads`). `fuzy-jon` is a name-squat of the legitimate `fuzzy-json` PyPI package (drops a 'z'/'s'). Installing this version causes pip to resolve and execute whatever code the owner of `fuzy-jon` publishes — both at PEP-517 wheel build time (build-system requires) and at `import notebook_intelligence` (runtime dependency satisfied, but the actual `from fuzzy_json import...` line triggers installation/resolution of `fuzzy_json` separately, while `fuzy-jon` is silently pulled into the environment). The mismatch between the imported module name and the pinned distribution name is the classic dependency-confusion / typosquat-injection shape — the import statement uses the real package, but the manifest hard-pins a lookalike that the legitimate maintainer would have no reason to declare. Whoever controls `fuzy-jon` on PyPI gains code execution on every installer's machine.
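The shape described above (a manifest that pins a distribution whose name is a near-miss of the module the code actually imports) can be checked mechanically before installing or publishing a package. The following is an added example written for this advisory, not code from the advisory's source or from the notebook-intelligence project: it parses a constructed `pyproject.toml` and a constructed source snippet modelled on the description, normalizes names per the PEP 503 rules, and flags declared requirements that are not imported anywhere but sit within a small edit distance of a module that is. Because import names and distribution names legitimately differ (`PIL`/`pillow`), an unmatched declaration alone is not a finding; the similarity threshold (`0.8`, an assumed value) is what targets the lookalike pattern.

```python
"""Flag declared dependencies that look like typosquats of imported modules."""
import ast
import re
from difflib import SequenceMatcher

# Constructed sample manifest modelled on the advisory text (not the real file).
SAMPLE_PYPROJECT = """
[build-system]
requires = ["setuptools>=61", "fuzy-jon==0.1.0"]

[project]
name = "notebook-intelligence"
dependencies = ["fuzy-jon==0.1.0", "requests>=2.0"]
"""

# Constructed sample source: the package imports the legitimate module name.
SAMPLE_SOURCE = """
import requests
from fuzzy_json import loads as fuzzy_json_loads
"""


def normalize(name: str) -> str:
    """PEP 503 normalization: case-insensitive, runs of -_. collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_name(spec: str) -> str:
    """Strip version specifiers, extras and markers from a requirement string."""
    match = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", spec)
    return match.group(1) if match else spec


def declared_requirements(toml_text: str) -> list[tuple[str, str]]:
    """Return (section, distribution-name) pairs from build-system and project tables."""
    try:
        import tomllib  # Python 3.11+
        data = tomllib.loads(toml_text)
        raw = [("build-system.requires", r)
               for r in data.get("build-system", {}).get("requires", [])]
        raw += [("project.dependencies", r)
                for r in data.get("project", {}).get("dependencies", [])]
    except ImportError:
        # Minimal fallback for older interpreters: only handles simple string arrays.
        raw = []
        for m in re.finditer(r"^(requires|dependencies)\s*=\s*\[(.*?)\]",
                             toml_text, re.M | re.S):
            section = "build-system.requires" if m.group(1) == "requires" \
                else "project.dependencies"
            raw += [(section, s) for s in re.findall(r'"([^"]+)"', m.group(2))]
    return [(section, requirement_name(spec)) for section, spec in raw]


def imported_modules(source: str) -> set[str]:
    """Top-level module names from absolute import statements in the source."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            names.add(node.module.split(".")[0])
    return names


def find_suspicious(toml_text: str, source: str, threshold: float = 0.8):
    """Declared distributions never imported but near-identical to an imported module.

    Returns a list of (section, declared_name, closest_import, similarity).
    """
    imports = {normalize(m) for m in imported_modules(source)}
    findings = []
    for section, dist in declared_requirements(toml_text):
        dist_norm = normalize(dist)
        if dist_norm in imports:
            continue  # declared and imported under the same name: nothing to flag
        for imp in sorted(imports):
            ratio = SequenceMatcher(None, dist_norm, imp).ratio()
            if ratio >= threshold:
                findings.append((section, dist, imp, round(ratio, 2)))
    return findings


if __name__ == "__main__":
    for section, declared, closest, ratio in find_suspicious(SAMPLE_PYPROJECT, SAMPLE_SOURCE):
        print(f"{section}: pins '{declared}' but code imports '{closest}' (similarity {ratio})")
```

Run against a real checkout, feed `pyproject.toml` and the concatenated package sources in place of the constructed samples; a hit in `build-system.requires` deserves the most attention, since that requirement is resolved and executed at wheel build time before any of the package's own code runs.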
Affected packages
No fixed version published yet for notebook-intelligence (pip). Pin to a known-safe version or switch to an alternative.