Supply Chain Checked by Vezraa
Dependency Confusion
Installing a malicious public package with the same name as an internal private package.
Dependency confusion happens when a package manager prioritizes packages from the public registry over private ones. An attacker publishes a public package with the same name as your internal package, and the package manager installs it instead. Fix it by scoping all internal packages and configuring which registry the package manager uses for them.
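The page names no package manager; the check below is an added example, not part of the original page, and assumes npm, where a scope is pinned to a registry with an `@scope:registry=` line in `.npmrc`. It flags internal dependencies that are unscoped or whose scope is not mapped to a private registry. The scopes, package names and registry URL are constructed.

```javascript
// Added example. Scope names, package names and the registry URL are constructed.

// Parse .npmrc text into a map of scope -> registry URL.
function parseScopeRegistries(npmrcText) {
  const scopes = new Map();
  for (const raw of npmrcText.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const m = /^(@[^:\s]+):registry\s*=\s*(\S+)$/.exec(line);
    if (m) scopes.set(m[1], m[2]);
  }
  return scopes;
}

// Return findings for internal dependencies that can resolve from the public registry.
// internalScopes / internalNames are supplied by the caller (assumed inventory).
function auditDependencies(pkg, npmrcText, internalScopes, internalNames) {
  const scopes = parseScopeRegistries(npmrcText);
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  const findings = [];
  for (const name of Object.keys(deps).sort()) {
    if (!name.startsWith('@')) {
      // Unscoped internal name: the same name can be claimed on the public registry.
      if (internalNames.includes(name)) findings.push({ name, issue: 'unscoped-internal' });
      continue;
    }
    const scope = name.split('/')[0];
    if (!internalScopes.includes(scope)) continue; // third-party scope, not audited here
    const registry = scopes.get(scope);
    if (!registry) findings.push({ name, issue: 'scope-not-mapped' });
    else if (/registry\.npmjs\.org/.test(registry)) findings.push({ name, issue: 'scope-mapped-to-public' });
  }
  return findings;
}

// Constructed sample input: one unscoped internal package, one scope without a mapping.
const samplePkg = {
  dependencies: { 'billing-core': '^1.2.0', '@acme/auth': '^3.0.0', 'left-pad': '^1.3.0' },
  devDependencies: { '@acme-labs/ui': '^0.4.0' },
};
const sampleNpmrc = [
  '; constructed project .npmrc',
  '@acme:registry=https://npm.internal.example/',
].join('\n');

const sampleFindings = auditDependencies(
  samplePkg, sampleNpmrc, ['@acme', '@acme-labs'], ['billing-core']);
console.log(sampleFindings);
```

A check like this fits in CI before the install step, so a new unscoped internal dependency fails the build instead of reaching the resolver.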