W-NPM-DEPCONFUSION
Initial Access
Dependency Confusion
Publish a public package with the name of a target's internal-only dependency to trick npm/yarn into installing the attacker's version.
§ Where this technique fits
W-NPM-DEPCONFUSION is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.