# Dependency Confusion Dependency confusion (also called namespace confusion or substitution attack) is a supply chain attack where an attacker publishes a malicious package on a public registry using the same name as an organization's private/internal package. Build systems that check public registries before (or in addition to) private ones pull the attacker's package instead of the legitimate internal one. ## How it works 1. Attacker identifies the name of an internal package (via leaked lockfiles, job postings, error messages, open-source build configs) 2. Publishes a package with that exact name on a public registry (npm, PyPI, RubyGems) 3. Sets the version number very high (e.g., `99.0.0`) to win version resolution 4. The organization's build system resolves the dependency, finds the higher-versioned public package, and installs it 5. Post-install scripts or import-time code executes the payload ## Original research Alex Birsan published the technique in February 2021. He successfully compromised over 35 major companies including Apple, Microsoft, and PayPal using this method. All were responsible disclosures through bug bounty programs, earning over $130,000 in bounties. The key insight: most package managers default to preferring public registries, and many organizations don't pin their internal dependencies to private registry sources. ## Why it's effective - Internal package names are often guessable or discoverable (e.g., `company-utils`, `internal-auth`) - Build systems default to public registries - Version resolution favors higher versions - CI/CD pipelines run with elevated privileges, amplifying the impact - No authentication is required to publish to most public registries ## Mitigation 1. **Namespace scoping**: use scoped packages (`@company/package`) on npm; use namespaced indices on PyPI 2. **Registry pinning**: configure package managers to resolve specific packages only from private registries 3. **Version pinning**: lock all dependency versions; never use `latest` or `*` 4. **Placeholder packages**: publish empty packages with your internal names on public registries to block attackers 5. **Lockfile integrity**: commit lockfiles and review changes to dependency sources 6. **Network controls**: restrict CI/CD from reaching public registries for internal-only packages ## References - Alex Birsan, "Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies" (2021) ## Related - [[Namesquatting]] - [[Typosquatting]] - [[Slopsquatting]] - [[Software Supply Chain Security]] - [[Package Registry Security]] - [[Software Composition Analysis (SCA)]] - [[AI Skill Supply Chain Security]] - [[Attack vectors]] - [[Least Privilege Principle]]