Again and again, we read in the IT news about new security gaps that have been identified.
Most of the time, you don’t even hear or read anything about all the security holes found that are not as well known as the SolarWinds Hack, for example.
But what is the typical lifecycle of such a security gap?
Namespace Shadowing (a.k.a. “Dependency Confusion”) Attack
The npm Registry is vulnerable to supply chain namespace shadowing, also known as “Dependency Confusion” attacks.
Make sure you create npm scoped packages and force exclude patterns.