Baruch Sadogursky1 article

Latest post Namespace Shadowing (a.k.a. “Dependency Confusion”) Attack

The npm Registry is vulnerable to supply chain namespace shadowing, also known as “Dependency Confusion” attacks.

Make sure you create npm scoped packages and force exclude patterns.

Avatar photo
  • Baruch Sadogursky
April 22, 2021
1-1 of 1

Subscribe to foojay updates:
Copied to the clipboard