What is the final impact of this kill-chain?

The final step lands on Publish public package with same name + higher version (SUP-DEP-CONFUSION), which falls under Initial Access. From here, an operator typically pivots into post-exploitation or maintains persistence.

How can defenders detect or prevent this attack?

Detection and prevention vary per step. Refer to each linked MITRE ATT&CK entry under "References" — every technique on that page lists defensive controls, detection telemetry, and known threat-actor usage.

← RegistryDossier · 5 steps · 4 edges

Approved

Dependency confusion → internal CI compromise

Publish a public npm package with the name of a target's private internal dependency at a higher version. CI resolves the public one first and runs install scripts in privileged CI.

Filed by AD Knowledge BasePublished 2026-05-26

§ Kill-chainDrag · zoom · scroll

Execution

Postinstall runs in CI

T1059 · Command and Scripting Interpreter

Reconnaissance

Discover internal package names

W-RECON-JS-SECRETS · Hardcoded Secrets in JS Bundles

Execution

CI resolves public version

SUP-INSTALL-SCRIPT · Malicious Install Script

Credential Access

Exfil CI cloud credentials

CI-SECRET-IN-LOG · Secret Echo to Build Log

Initial Access

Publish public package with same name + higher version

SUP-DEP-CONFUSION · Dependency Confusion (Public ↔ Internal)

§ Context

Assumed environment: target maintains internal packages whose names appear in public-facing JS bundles, error messages, or leaked package-lock.json. CI runs with broad cloud creds.

§ Steps

01
Postinstall runs in CIExecution
T1059— Command and Scripting Interpreter
02
Discover internal package namesReconnaissance
W-RECON-JS-SECRETS— Hardcoded Secrets in JS Bundles
03
CI resolves public versionExecution
SUP-INSTALL-SCRIPT— Malicious Install Script
04
Exfil CI cloud credentialsCredential Access
CI-SECRET-IN-LOG— Secret Echo to Build Log
05
Publish public package with same name + higher versionInitial Access
SUP-DEP-CONFUSION— Dependency Confusion (Public ↔ Internal)

§ References

T1059Command and Scripting Interpreter

§ Frequently asked

What is the "Dependency confusion → internal CI compromise" attack path?: Publish a public npm package with the name of a target's private internal dependency at a higher version. CI resolves the public one first and runs install scripts in privileged CI. It chains 5 steps drawn from real-world offensive-security techniques.
What starting position does this attack require?: The first step is Postinstall runs in CI (T1059) — a execution primitive. Assumed environment: target maintains internal packages whose names appear in public-facing JS bundles, error messages, or leaked package-lock.
What is the final impact of this kill-chain?: The final step lands on Publish public package with same name + higher version (SUP-DEP-CONFUSION), which falls under Initial Access. From here, an operator typically pivots into post-exploitation or maintains persistence.
How can defenders detect or prevent this attack?: Detection and prevention vary per step. Refer to each linked MITRE ATT&CK entry under "References" — every technique on that page lists defensive controls, detection telemetry, and known threat-actor usage.

§ Related dossiers

Shared techniques2
Self-hosted runner takeover → persistent CI compromise
A public repo with self-hosted GitHub runners accepts external PRs. First malicious PR runs on the runner; the workflow drops a runner-hook that fires before every future job.

§ Context

§ Steps

§ References

§ Frequently asked

§ Related dossiers

Self-hosted runner takeover → persistent CI compromise