
Dependency Confusion

Installing a malicious public package with the same name as an internal private package.

Dependency confusion happens when a package manager that is configured with both a public and a private registry prefers the public registry's copy of a package over the private one. An attacker publishes a public package under the same name as one of your internal packages, and your builds install the attacker's package instead. The fix is to scope all internal packages and configure the package manager so that the scope resolves only against the private registry.
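To make the mechanism and the fix concrete, here is a small model of package resolution, added as an example and not part of the Vezraa glossary or of any real package manager. The registries, package names and the `@corp/` scope mapping are constructed; `resolve_naive` models a client that merges registries and takes the highest version, `resolve_scoped` models the scoped-plus-registry-pinning fix, and `find_confusable` is the inventory check a defender would run over their own internal package names.

```python
from typing import Dict, List, Tuple

# Constructed sample registries (name -> available versions), not real data.
PUBLIC_REGISTRY: Dict[str, List[str]] = {
    "left-pad": ["1.3.0"],
    "corp-billing": ["1.0.0", "99.0.0"],  # lookalike of the internal name, higher version
}
PRIVATE_REGISTRY: Dict[str, List[str]] = {
    "corp-billing": ["1.2.0"],           # unscoped internal package
    "@corp/billing": ["1.2.0"],          # the same package under an organisation scope
}
# Assumed policy: a scope prefix is pinned to exactly one registry (like an .npmrc scope entry).
SCOPE_MAP = {"@corp/": ("private", PRIVATE_REGISTRY)}

def parse_version(v: str) -> Tuple[int, ...]:
    return tuple(int(part) for part in v.split("."))

def resolve_naive(name: str) -> Tuple[str, str]:
    """Mimics a client that merges every registry it knows and installs the
    highest version found anywhere; this is the behaviour that gets confused."""
    found = []
    for reg_name, reg in (("public", PUBLIC_REGISTRY), ("private", PRIVATE_REGISTRY)):
        for v in reg.get(name, []):
            found.append((parse_version(v), reg_name, v))
    if not found:
        raise LookupError(name)
    _, reg_name, v = max(found)
    return reg_name, v

def resolve_scoped(name: str) -> Tuple[str, str]:
    """Hardened resolver: a scoped name is served only by the registry its scope is
    pinned to, and an unscoped name only by the public registry. The two sources
    are never merged, so a public lookalike is never even a candidate."""
    for prefix, (reg_name, reg) in SCOPE_MAP.items():
        if name.startswith(prefix):
            versions = reg.get(name)
            if not versions:
                raise LookupError(f"{name} not in {reg_name} registry")
            return reg_name, max(versions, key=parse_version)
    versions = PUBLIC_REGISTRY.get(name)
    if not versions:
        raise LookupError(f"{name} not in public registry")
    return "public", max(versions, key=parse_version)

def find_confusable(internal_names: List[str]) -> List[str]:
    """Defender's inventory check: unscoped internal names that already exist on
    the public registry, i.e. the ones a naive resolver could be confused about."""
    return sorted(n for n in internal_names if not n.startswith("@") and n in PUBLIC_REGISTRY)
```

Note that `resolve_scoped("corp-billing")` still returns the public copy: scoping only protects names that have actually been migrated under the scope, which is why the inventory check matters.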


Dependency Confusion — Security Glossary | Vezraa