Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 [medium.com]
2021-02-11 14:14
When downloading and using a package from any of these sources, you are essentially trusting its publisher to run code on your machine. So can this blind trust be exploited by malicious actors?
Interesting variation on typo squatting.
source: HN