Skip to content
attack.paths
Anmelden
← LibraryTechnique entry
W-NPM-DEPCONFUSIONInitial Access

Dependency Confusion

Publish a public package with the name of a target's internal-only dependency to trick npm/yarn into installing the attacker version.

§ Where this technique fits

W-NPM-DEPCONFUSION is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.