Typosquatting package names allows remote code execution

My student Nikolai Tschacher has released his bachelor thesis about typosquatting attacks on command-line based package managers. Nikolai carried out a covert field study in order to determine to what extent software developers make typos when they install packages on the command line. Installing packages on the command line has become popular with the advent of frameworks like NodeJS (npm) and languages like Ruby (gem). Typos during installation endanger development and production machines.