Episode 5: Dependency Confusion As A Tool For Targeted NPM Hacks

Karlo Zanki discusses how NPM packages can serve malware via compromised software updates


NPM dependency confusion has emerged as a potent software supply chain attack vector via platforms like npm, with malicious packages surreptitiously added to these repositories, maintained by leading firms. In this episode, we’re joined by ReversingLabs Reverse Engineer Karlo Zanki to dig into some of our recent findings that show dependency confusion attacks being used to advance what appear to be targeted supply chain attacks. We also talked about how development organizations can monitor for and prevent these kinds of attacks.

Watch the Podcast