
Malicious / Dangerous spec resolver to custom URL

Open fraxken opened this issue 8 months ago • 1 comment

A custom spec resolver can be used to fake a package name (such as axios in the following example).

(screenshot attached to the original issue, not reproduced here)

fraxken avatar Jun 22 '25 21:06 fraxken
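The mechanism behind the report is the npm alias spec: a dependency key such as `axios` can carry a value like `npm:other-package@^1.0.0`, so the name a reviewer sees in `package.json` is not the package that actually gets installed. The following is an added example written for this page, not code from the scanner project or from fraxken. It walks the dependency fields of a constructed `package.json` object (the package names in it are invented) and reports every entry whose alias target differs from its key, as well as entries that resolve outside the registry (git, http, file, link), so such aliases surface at review time instead of silently resolving.

```javascript
// Added example (not part of NodeSecure/scanner): surface npm alias specs and
// non-registry sources in a package.json so a key like "axios" cannot quietly
// resolve to a different package.
const ALIAS_PREFIX = "npm:";
const NON_REGISTRY_PREFIXES = ["git+", "git:", "github:", "http:", "https:", "file:", "link:"];

// Split "name@range" into { name, range }; scoped names ("@scope/pkg@^1") keep their leading "@".
function splitNameAndRange(spec) {
  const at = spec.indexOf("@", spec.startsWith("@") ? 1 : 0);
  if (at === -1) return { name: spec, range: "*" };
  return { name: spec.slice(0, at), range: spec.slice(at + 1) };
}

// Classify one dependency entry (key from package.json, spec is its value).
function classifySpec(key, spec) {
  if (spec.startsWith(ALIAS_PREFIX)) {
    const { name, range } = splitNameAndRange(spec.slice(ALIAS_PREFIX.length));
    return {
      key, spec, kind: "alias", target: name, range,
      // The case from the issue: the installed package is not the one the key names.
      suspicious: name !== key,
    };
  }
  const nonRegistry = NON_REGISTRY_PREFIXES.some((p) => spec.startsWith(p));
  return {
    key, spec, kind: nonRegistry ? "non-registry" : "registry",
    target: key, range: spec, suspicious: nonRegistry,
  };
}

// Walk every dependency field and collect the entries worth a human look.
function auditDependencies(pkg) {
  const fields = ["dependencies", "devDependencies", "optionalDependencies"];
  const findings = [];
  for (const field of fields) {
    for (const [key, spec] of Object.entries(pkg[field] ?? {})) {
      const result = classifySpec(key, spec);
      if (result.suspicious) findings.push({ field, ...result });
    }
  }
  return findings;
}

// Render findings as one line each, for a CI log or a pre-commit hook.
function formatReport(findings) {
  return findings
    .map((f) => `[${f.kind}] ${f.field}.${f.key} -> ${f.target} (${f.spec})`)
    .join("\n");
}

// Constructed sample manifest; all package names below are invented.
const SAMPLE_PACKAGE_JSON = {
  name: "constructed-sample",
  dependencies: {
    "axios": "npm:example-renamed-package@^1.0.0", // alias: "axios" installs another package
    "lodash": "^4.17.21",                            // ordinary registry spec
    "@scope/tool": "npm:@scope/tool@^2.0.0",         // alias to itself, nothing hidden
  },
  devDependencies: {
    "left-pad": "git+https://example.invalid/repo.git", // non-registry source
  },
};

console.log(formatReport(auditDependencies(SAMPLE_PACKAGE_JSON)));
```

Aliasing has legitimate uses (pinning two versions of one package side by side, for instance), so the output is a review queue rather than a verdict: the point is that a reviewer sees `axios -> example-renamed-package` rather than trusting the key.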

https://snyk.io/blog/exploring-extensions-of-dependency-confusion-attacks-via-npm-package-aliasing/

fraxken avatar Jul 09 '25 18:07 fraxken