Dependency Confusion
An attack where a private package name is registered on a public registry with a higher version number. Package managers that check public registries first may install the attacker’s version instead of the internal one. Mitigated by scoped registries and namespace reservation.