Earlier this month, we saw the disclosure of a report showing how a security researcher was able to successfully infiltrate 35+ name brand companies, primarily via npm. Ironically, the mechanism used to perpetrate the attack, what’s being called namespace confusion or dependency confusion, is one that has for years been at the heart of the tension between organizations that want to stay safe through preparation and standards, and the users who push back on those standards because they just want it to be “easy like npm”.
Download this whitepaper to gain additional information about why:
- Providing namespaces is really important;
- And enforcing namespaces in public repositories is even more important.