MAL-2026-4825
Malicious code in cdktn-provider-newrelic (PyPI)
Details
## Source: amazon-inspector (51996ccf23fd3d3b291f945e2ec88504c93d7e302e183c7633632b8a03d1590d)

The package name 'cdktn-provider-newrelic' is a single-character edit (cdktf→cdktn) of HashiCorp's official 'cdktf-provider-newrelic' (CDK for Terraform NewRelic provider bindings). The package replicates the target's full API surface, 80+ Terraform resource modules including alert_policy, nrql_alert_condition, and synthetics_*, and rebrands 'CDK for Terraform (cdktf)' as 'CDK Terrain (cdktn)' across the README and metadata, with a fabricated homepage (cdktn.io) and GitHub org (cdktn-io / open-constructs).

setup.py declares install_requires of 'cdktn>=0.23.0,<0.24.0', itself a typosquat of HashiCorp's 'cdktf' runtime, so a developer who mistypes the package name during `pip install` silently pulls in a sibling typosquat package whose code runs at import time.

The combination of a top-tier registry typosquat, full API mimicry so that would-be users notice nothing wrong, and a transitive typosquat dependency injected via install_requires constitutes namespace abuse: the install resolves attacker-controlled code into the developer's environment under cover of HashiCorp's published API.
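As an added defender-side check, not part of this advisory or of any HashiCorp tooling, the following Python flags requirement names (including setup.py install_requires entries like the one quoted above) that sit within one edit of a trusted package name, which is exactly the cdktf→cdktn pattern described here. The trusted set and the sample requirement list are constructed for the example; in practice the trusted set is the list of distributions you actually intend to depend on.

```python
import re

# Constructed sample of trusted names; in practice, the distributions you really depend on.
TRUSTED = {"cdktf", "cdktf-provider-newrelic", "constructs", "requests"}

def normalize(name):
    # PEP 503 normalisation: case-fold and collapse runs of '-', '_' and '.' to '-'
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a, b):
    """Levenshtein distance with unit-cost insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def requirement_name(spec):
    """Pull the distribution name out of a specifier such as 'cdktn>=0.23.0,<0.24.0'."""
    m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", spec)
    if not m:
        raise ValueError(f"unparseable requirement: {spec!r}")
    return normalize(m.group(1))

def near_miss(name, trusted=TRUSTED, max_dist=1):
    """Return the trusted name within max_dist edits of `name`, or None when
    `name` is itself trusted or not close to any trusted name."""
    n = normalize(name)
    known = {normalize(t) for t in trusted}
    if n in known:
        return None
    for t in sorted(known):
        if edit_distance(n, t) <= max_dist:
            return t
    return None

def audit(requirements, trusted=TRUSTED):
    """Map each near-miss requirement (including a setup.py install_requires
    entry) to the trusted name it shadows."""
    return {n: hit for n in map(requirement_name, requirements)
            if (hit := near_miss(n, trusted))}

if __name__ == "__main__":
    # Constructed input: a requirements list plus the install_requires entry quoted above.
    sample = ["cdktn-provider-newrelic==1.0.0", "cdktn>=0.23.0,<0.24.0", "requests"]
    print(audit(sample))  # {'cdktn-provider-newrelic': 'cdktf-provider-newrelic', 'cdktn': 'cdktf'}
```

Run it over a resolved lockfile rather than only the top-level requirements, since the transitive 'cdktn' pull is what this advisory turns on.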
Affected packages
No fixed version published yet for cdktn-provider-newrelic (pip). Pin to a known-safe version or switch to an alternative.