M0UNTAIN 0F C0DE

GitHub Container Repo Typosquatting

OSS typo-squatting

I often scan through Hacker News to see what the latest is, and hacking and security posts will often get my attention. Recently there was a post entitled "Ghrc.io appears to be malicious", which highlighted a typosquatting attack on the GitHub container registry domain ghcr.io using the extremely convincing look-alike domain ghrc.io. One of the people in the comments shared a link to a GitHub search (https://github.com/search?q=ghrc.io&type=code) which showed it was used 856 times across 12 repos!

GitHub search showing the results stats
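The GitHub search above is a one-off lookup across public code. To catch the same kind of near-miss registry host in your own repositories before it ships, here is an added example (my code, not part of the original post) that scans Dockerfiles, compose files and workflow files for image references whose host is within a couple of edits of a known registry. The optimal string alignment distance counts an adjacent transposition as a single edit, so ghrc.io sits at distance 1 from ghcr.io. The registry allow list, the file contents and the typo'd hosts (ghrc.io as in the post, plus a constructed dockerr.io) are all made up for illustration.

```python
"""Flag container image references whose registry host is a near miss of a
known registry (for example ghrc.io instead of ghcr.io). Added example;
the registries, sample files and typo'd hosts below are constructed."""
import re
from dataclasses import dataclass

# Registries we expect to see. Extend this allow list for your own environment;
# anything listed here is never flagged, however close it is to another entry.
KNOWN_REGISTRIES = {
    "ghcr.io", "docker.io", "gcr.io", "quay.io",
    "registry.gitlab.com", "mcr.microsoft.com", "public.ecr.aws",
}
# A host this close to a known registry, but not equal to it, is suspicious.
MAX_DISTANCE = 2

# host/path of an image reference: the host must contain a dot, may carry
# an optional :port, and must be followed by a path component.
IMAGE_REF = re.compile(
    r"(?<![\w.-])([a-z0-9][a-z0-9.-]*\.[a-z]{2,})(?::\d+)?/[a-z0-9._/-]+",
    re.IGNORECASE,
)


@dataclass
class Finding:
    path: str
    line_no: int
    host: str
    suggestion: str
    distance: int


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus
    adjacent transposition, so the swap in ghcr -> ghrc is one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def closest_registry(host: str) -> tuple[str, int]:
    """Nearest known registry and its distance; ties broken alphabetically."""
    return min(((r, osa_distance(host, r)) for r in KNOWN_REGISTRIES),
               key=lambda t: (t[1], t[0]))


def scan_text(path: str, text: str) -> list[Finding]:
    """Return one Finding per image reference whose host looks like a typo."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in IMAGE_REF.finditer(line):
            host = match.group(1).lower()
            if host in KNOWN_REGISTRIES:
                continue
            registry, dist = closest_registry(host)
            if 0 < dist <= MAX_DISTANCE:
                findings.append(Finding(path, line_no, host, registry, dist))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan a mapping of path -> file contents (e.g. built from git ls-files)."""
    out = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


# Constructed sample repository contents: one real-looking typo per the post,
# one correct ghcr.io reference, one Docker Hub reference and one extra typo.
SAMPLE_FILES = {
    "Dockerfile": "FROM ghrc.io/example-org/base-image:1.2.3\nRUN apt-get update\n",
    "docker-compose.yml": (
        "services:\n"
        "  web:\n    image: ghcr.io/example-org/web:latest\n"
        "  cache:\n    image: docker.io/library/redis:7\n"
    ),
    ".github/workflows/ci.yml": "    - run: docker pull dockerr.io/library/alpine:3\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no}: {f.host!r} looks like a typo of "
              f"{f.suggestion!r} (distance {f.distance})")
```

A flagged host is a prompt to review the reference, not proof of anything: a legitimate mirror or private registry whose name happens to be close to a public one will also trip the check, which is why the allow list is the first thing to tune. Fed with the output of `git ls-files`, the same function runs as a pre-commit or CI step so a swapped pair of letters is caught at review time rather than by a stranger's GitHub search.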

Many of the affected repos already had PRs, but not all of them, so I thought I could lend a hand and fix a couple more. I went through all the results, discarding repos which hadn't been updated in years or that were throwaways/tests.

This left me with 2 repos; I forked, cloned, fixed and PRed each of them:

Every little helps.