Metadata-Version: 2.4
Name: kw-json
Version: 0.0.1
Summary: Security research PoC - dependency confusion demonstration for HackerOne bug bounty (ferox0101)
Author-email: ferox0101 <ferox0101@wearehackerone.com>
License: MIT
Project-URL: Homepage, https://hackerone.com/ferox0101
Classifier: Development Status :: 1 - Planning
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Requires-Python: >=3.7
Description-Content-Type: text/markdown

# kw-json — Security Research PoC

**This package is a proof-of-concept for a HackerOne bug bounty report.**

**Researcher:** [ferox0101](https://hackerone.com/ferox0101)

This package demonstrates a dependency confusion / typosquatting vulnerability
affecting Kiwi.com's `kiwi-json` library (which imports as `kw.json`).

A developer typing `pip install kw-json` instead of `pip install kiwi-json`
would install this package instead of the intended Kiwi.com library.

**This package is intentionally empty and harmless.**

It will be transferred to Kiwi.com or removed upon resolution of the security report.
