Dependency Confusion: Another Supply-Chain Vulnerability

Source

Alex Birsan describes how he got his own proof-of-concept code pulled into the builds of proprietary corporate software by publishing packages to public registries (npm, PyPI and RubyGems) under the same names as the companies' internal, private packages. Many package-manager configurations search the private and public indexes as equals and take the highest version they find, so a public package with the same name and an inflated version number is installed in place of the real internal one.

From a ZDNet article: Today, developers at small or large companies use package managers to download and import libraries that are then assembled together using build tools to create a final app. This app can be offered to the company's customers or can be used internally at the company as an employee tool. But some of these apps can also contain proprietary or highly-sensitive code, depending on their nature. For these apps, companies [...]
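The resolution behaviour behind the attack, as an added example that is not code from the article, from Birsan's write-up or from any package manager: a small Python simulation of a resolver that treats a private index and a public index as equals and picks the highest version (the behaviour of pip's --extra-index-url), beside a hardened resolver that only ever takes internal names from the private index, plus the audit check a practitioner would run first. The two registries, the package names (acme-internal-auth, acme-billing) and the version ordering are constructed for this example.

```python
"""Dependency confusion, simulated (added example, not the article's code).

Assumptions: PRIVATE_INDEX and PUBLIC_INDEX are constructed dictionaries
standing in for a company's private registry and a public one; versions are
dotted integers compared as tuples to keep the example self-contained.
"""
from typing import Dict, Iterable, List, Optional, Set, Tuple

Index = Dict[str, Dict[str, str]]  # name -> {version: origin}
Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Dotted integer version ('1.2.0') -> (1, 2, 0) for ordering."""
    return tuple(int(part) for part in text.split("."))


# Constructed sample data. The attacker has registered the company's internal
# package name on the public registry with a deliberately huge version number.
PRIVATE_INDEX: Index = {
    "acme-internal-auth": {"1.2.0": "private"},
    "acme-billing": {"0.4.1": "private"},
}
PUBLIC_INDEX: Index = {
    "requests": {"2.31.0": "public"},
    "acme-internal-auth": {"99.0.0": "public"},  # attacker-published squat
}


def resolve_naive(name: str, indexes: Iterable[Index]) -> Optional[Tuple[str, str]]:
    """Vulnerable resolution: every index is searched and the highest version
    wins regardless of where it came from. Returns (version, origin)."""
    best: Optional[Tuple[Version, str, str]] = None
    for index in indexes:
        for ver, origin in index.get(name, {}).items():
            key = parse_version(ver)
            if best is None or key > best[0]:
                best = (key, ver, origin)
    return None if best is None else (best[1], best[2])


def resolve_pinned(name: str, private: Index, public: Index,
                   private_names: Set[str]) -> Optional[Tuple[str, str]]:
    """Hardened resolution: names on the internal allow-list are fetched only
    from the private index, every other name only from the public one, so a
    public squat of an internal name is never even considered."""
    source = private if name in private_names else public
    return resolve_naive(name, [source])


def find_confusable(private: Index, public: Index) -> List[str]:
    """Audit check: internal package names that already exist on the public
    registry, whatever the version. Each one is a hijack candidate (or an
    already-hijacked name) and should be claimed or namespaced by the company."""
    return sorted(name for name in private if name in public)


if __name__ == "__main__":
    both = [PRIVATE_INDEX, PUBLIC_INDEX]
    internal = set(PRIVATE_INDEX)
    print("naive  :", resolve_naive("acme-internal-auth", both))
    print("pinned :", resolve_pinned("acme-internal-auth", PRIVATE_INDEX, PUBLIC_INDEX, internal))
    print("audit  :", find_confusable(PRIVATE_INDEX, PUBLIC_INDEX))
```

The naive resolver returns the attacker's 99.0.0 build for acme-internal-auth, while acme-billing is safe only because nobody has squatted it yet; the pinned resolver returns 1.2.0 from the private index and still serves requests from the public one. The real-world equivalents of resolve_pinned are reserving or namespacing internal names on the public registries (npm scopes, claiming the PyPI name) and configuring the package manager so internal names can only resolve against the private index, rather than relying on a version-number race.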