MAL-2026-4824
Malicious code in cdktn-provider-datadog (PyPI)
Details
## Source: amazon-inspector (29ce930466b101c48ae641d7e4ad57f3d5169b9f14b1e041e4264e75cbfd965b)

Package name `cdktn-provider-datadog` is a single-character variant (f→n) of HashiCorp's widely-used `cdktf-provider-datadog` CDKTF provider. README and source have been edited to reference a fictitious 'CDK Terrain' project at `cdktn.io` / `github.com/cdktn-io`. setup.py declares `install_requires=['cdktn>=0.23.0, <0.24.0',...]`, and `src/cdktn_provider_datadog/_jsii/__init__.py` unconditionally executes `import cdktn._jsii` at module load. Installing this package therefore forces resolution and installation of a separately-published `cdktn` core package in a parallel typosquat namespace controlled by an unrelated third party. A developer who mistypes the legitimate package name pulls in the entire `cdktn*` namespace as transitive dependencies, whose code runs whenever the provider is imported.
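A defender-side check for the pattern described above, as an added example that is not part of the advisory or of any project's code: it flags requirement names that sit exactly one character away from a name on an allowlist. The `KNOWN_GOOD` set and the sample lines are assumptions constructed for illustration; run it over the fully resolved dependency set, because `cdktn` arrives transitively rather than as a direct requirement.

```python
import re

# Assumption: names the project really intends to depend on (edit to suit).
KNOWN_GOOD = {"cdktf", "cdktf-provider-datadog", "constructs", "jsii"}

def normalize(name):
    """PEP 503 normalisation: lower-case, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(line):
    """Return the normalised project name from a requirement line, or None."""
    line = line.split("#", 1)[0].strip()
    m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
    return normalize(m.group(0)) if m else None

def one_edit_apart(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # one substituted character
    return a[i:] == b[i + 1:]           # one extra character in the longer name

def find_lookalikes(lines, known_good=KNOWN_GOOD):
    """Return (suspect, legitimate) pairs for names one edit from the allowlist."""
    good = {normalize(n) for n in known_good}
    findings = []
    for line in lines:
        name = requirement_name(line)
        if name is None or name in good:
            continue
        findings += [(name, g) for g in sorted(good) if one_edit_apart(name, g)]
    return findings

# Constructed sample: the resolved dependency set after the mistyped install.
SAMPLE = [
    "cdktn-provider-datadog",
    "cdktn>=0.23.0, <0.24.0",   # specifier as quoted in the advisory
    "constructs>=10.0.0",       # constructed
    "requests",                 # constructed
]

if __name__ == "__main__":
    for name, legit in find_lookalikes(SAMPLE):
        print(f"{name!r} is one character away from {legit!r}: verify first")
```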
Affected packages
No fixed version published yet for cdktn-provider-datadog (pip). Pin to a known-safe version or switch to an alternative.