Dependency Confusion
Definition
Dependency confusion is a supply chain attack in which an attacker publishes a malicious package to a public registry under the same name as a private, internal package. A package manager that resolves that name against the public registry first (or that prefers the higher version it finds there) installs the attacker's package instead of the legitimate internal one.
Mitigations include scoping private packages to a namespace that is bound to the internal registry, pinning dependency versions, routing all installs through an artifact proxy, and configuring registry precedence so that internal names can never be resolved from a public registry.
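The following is an added example, not code from this page or from Crash Override, that shows how two of the listed mitigations (scoping and pinning, together with registry precedence) can be checked for an npm project. It parses a constructed `package.json` and two constructed `.npmrc` files (one weak, one corrected) and flags internal dependencies that are unscoped, whose scope is not mapped to a private registry, or whose version is a range rather than an exact pin. The package names, registry hostnames and the `INTERNAL_PACKAGES` inventory are all hypothetical; only the `@scope:registry=URL` form of `.npmrc` is real npm configuration.

```python
import json
import re

# Constructed sample package.json (hypothetical project and package names).
PACKAGE_JSON = json.dumps({
    "name": "acme-billing",
    "dependencies": {
        "lodash": "^4.17.21",           # public package, fine
        "acme-utils": "1.4.0",          # internal name, but unscoped
        "@acme/auth-client": "^2.1.0",  # scoped, but version is a range
        "@acme/logging": "3.0.2",       # scoped and pinned
        "@vendor/sdk": "1.0.0",         # third-party scoped package
    },
})

# Weak configuration: everything, including @acme packages, resolves publicly.
NPMRC_WEAK = """
registry=https://registry.npmjs.org/
"""

# Corrected configuration: the @acme scope is bound to the internal registry.
NPMRC_FIXED = """
registry=https://registry.npmjs.org/
@acme:registry=https://npm.internal.example/repository/npm-private/
//npm.internal.example/repository/npm-private/:_authToken=${NPM_TOKEN}
"""

# Names the organisation owns; in practice this comes from an internal inventory.
INTERNAL_PACKAGES = {"acme-utils", "@acme/auth-client", "@acme/logging"}

# An exact semver triple; anything else (^, ~, ranges, tags) is treated as unpinned.
PINNED_VERSION = re.compile(r"^\d+\.\d+\.\d+$")


def parse_npmrc(text):
    """Return (default_registry, {scope: registry}) from .npmrc key=value lines."""
    default = None
    scopes = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "registry":
            default = value
        elif key.startswith("@") and key.endswith(":registry"):
            scopes[key[: -len(":registry")]] = value
    return default, scopes


def scope_of(name):
    """'@acme/logging' -> '@acme'; unscoped names return None."""
    return name.split("/", 1)[0] if name.startswith("@") else None


def audit(package_json_text, npmrc_text, internal_names,
          public_hosts=("registry.npmjs.org",)):
    """Flag internal dependencies that could be satisfied from a public registry
    or that are not pinned to an exact version. Returns [(name, reason), ...]."""
    deps = json.loads(package_json_text).get("dependencies", {})
    default_registry, scope_registries = parse_npmrc(npmrc_text)
    findings = []
    for name, spec in sorted(deps.items()):
        if name not in internal_names:
            continue  # public packages are out of scope for this check
        scope = scope_of(name)
        registry = scope_registries.get(scope, default_registry) if scope else default_registry
        resolves_public = registry is None or any(h in registry for h in public_hosts)
        if scope is None:
            findings.append((name, "unscoped internal package resolves from the public registry"))
        elif resolves_public:
            findings.append((name, f"scope {scope} is not mapped to a private registry in .npmrc"))
        if not PINNED_VERSION.match(spec):
            findings.append((name, f"version {spec!r} is a range, not an exact pin"))
    return findings


if __name__ == "__main__":
    for label, npmrc in (("weak", NPMRC_WEAK), ("fixed", NPMRC_FIXED)):
        print(f"--- {label} .npmrc ---")
        for name, reason in audit(PACKAGE_JSON, npmrc, INTERNAL_PACKAGES):
            print(f"{name}: {reason}")
```

With the weak `.npmrc` every `@acme` package is reported because the scope falls through to the public default registry; with the corrected file only the unscoped `acme-utils` and the unpinned `@acme/auth-client` remain, which is exactly the residual risk that renaming the package into the scope and pinning it would close.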