package-distributiondevelopment
dependency-confusion
Supply-chain testing via package-manager dependency confusion: when internal package names resolve to attacker-controlled public registries, leading to malicious install and script execution. Use for npm/pip/gem/Maven/Composer/Docker manifest review and authorized red-team supply-chain exercises.
maintainer
yaklang
Обновлено 4/8/2026
Звёзды
83
Форки
10
quick start
Installation and usage
Supply-chain testing via package-manager dependency confusion: when internal package names resolve to attacker-controlled public registries, leading to malicious install and script execution. Use for npm/pip/gem/Maven/Composer/Docker manifest review and authorized red-team supply-chain exercises.
Установка
$ install --globalskills.sh
Использование
После установки вы можете использовать этот skill, выполнив следующую команду в терминале:
skills use dependency-confusion