Safeguard
Tag

dependency-confusion

Safeguard articles tagged "dependency-confusion" — guides, analysis, and best practices for software supply chain and application security.

51 articles

Security Guides

NuGet Supply Chain Security: Protecting Your .NET Dependencies

How NuGet supply chain attacks work, from dependency confusion to typosquatting, and the concrete controls, lock files, source mapping, and signing, that lock down your .NET build.

Jul 4, 20265 min read
Software Supply Chain Security

Understanding dependency confusion via npm package aliasing

npm's `npm:` alias syntax lets a trusted-looking dependency name resolve to attacker-controlled code — here's how that becomes dependency confusion, and how to detect it.

Jul 1, 20267 min read
Threat Intelligence

What Is Open Source Malware

Open source malware is code deliberately planted in packages to attack the systems that install it. Learn how it spreads, real incidents, and how it differs from CVEs.

Jun 3, 20267 min read
Threat Intelligence

Malicious PyPI packages: common infiltration patterns

Real malicious PyPI package examples — typosquats, dependency confusion, hijacked maintainers, and crypto stealers — and how Safeguard catches them before install.

May 10, 20268 min read
Software Supply Chain Security

What is Dependency Confusion

Dependency confusion lets attackers hijack builds by publishing malicious packages under private package names to public registries. Here's how it works.

Apr 4, 20266 min read
Software Supply Chain Security

Malicious dependency attacks in the software supply chain

Dependency confusion attacks let attackers hijack builds by publishing malicious packages with higher version numbers to public registries. Here's how they work and how to stop them.

Apr 4, 20267 min read
Software Supply Chain Security

What is Typosquatting

Typosquatting tricks developers into installing malicious lookalike packages. Learn how it works, real npm/PyPI attacks, and how to detect it.

Apr 4, 20267 min read
Software Supply Chain Security

What Are Malicious Packages

Malicious npm packages steal credentials, mine crypto, or wipe files. Learn how attackers plant them and how to detect and stop them fast.

Apr 3, 20267 min read
Supply Chain Attacks

How to Detect Dependency Confusion Attacks Before They Ship

Dependency confusion still works in 2026 because teams keep missing the same three controls. Here's how to detect and block it in npm, pip, and Maven.

Mar 27, 20268 min read
Emerging Technology

Reflection-Based Dependency Confusion Techniques

Dependency confusion is moving beyond name-typosquat. Reflection-based techniques let attackers hijack packages through dynamic imports and runtime resolution.

Mar 26, 20268 min read
Best Practices

How to Prevent Dependency Confusion in npm (2026)

Dependency confusion attacks are still landing in 2026 because scoped packages, registry config, and provenance checks are misconfigured by default. Here is the fix.

Mar 13, 20267 min read
AI Security

Dependency Confusion: Griffin AI vs Mythos

Dependency confusion is older than most of the AI tooling trying to detect it. The attacks have adapted to the defences — detection needs to keep up.

Mar 8, 20263 min read
dependency-confusion (Page 2) — Safeguard Blog