Dependency Confusion Attack.

A supply-chain attack in which an adversary publishes a malicious package on a public registry with the same name as an organization's internal dependency, tricking build tools into pulling the public version. It belongs to the Application Security category of cybersecurity.

A supply-chain attack in which an adversary publishes a malicious package on a public registry with the same name as an organization's internal dependency, tricking build tools into pulling the public version.

Dependency confusion exploits the default resolution behaviour of package managers (npm, pip, Maven, NuGet, RubyGems, and others) that combine public and private registries. An attacker discovers the name of an internal package (via leaked manifests, public repositories, or DNS), publishes a higher-version package with the same name on the public registry, and waits for build agents to install it. Alex Birsan's 2021 research showed dozens of major companies were vulnerable. Mitigations include explicit registry scoping (npm scoped packages, NuGet upstream feeds, pip --index-url), publishing internal placeholders on public registries, blocking outbound resolution, signing packages with Sigstore or PGP, and consuming through a curated artifact repository that pins both name and source. SLSA, SBOMs, and continuous monitoring of new public packages also help detect attempts.

Defences for Dependency Confusion Attack typically combine technical controls and operational practices, as detailed in the full definition above.

Common alternative names include: Substitution attack, Namespace confusion.