Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Dependency Confusion

Training Camp • Cybersecurity Glossary

What is Dependency Confusion?

Dependency confusion is a supply chain attack where a malicious public package impersonates a private internal one, hijacking the build pipeline.

Glossary > Application & API Security > Dependency Confusion

Understanding Dependency Confusion

Dependency confusion, also called a substitution or namespace confusion attack, is a supply chain attack in which an adversary publishes a malicious package to a public registry using the same name as an organization's private internal package, often with a higher version number. Misconfigured package managers then pull the attacker's public package instead of the trusted internal one, executing malicious code during installation or build.

Learn More About Dependency Confusion:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →