Glossary

Dependency Confusion

A supply chain attack that exploits how package managers resolve names: a package published on a public registry under the same name as a private, internal dependency can be installed in place of the internal one. Dependency confusion hit Apple, Microsoft, and PayPal in 2021 via npm, PyPI, and RubyGems. Protection involves package scoping, private registries, and source verification.
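As an added illustration of the package-scoping defence (not code from this glossary), the script below parses two constructed npm `.npmrc` configurations and reports which internal package names could still be served by the public registry. The `@acme` scope, the registry URLs and the package names are all assumptions chosen for the example.

```python
"""Flag internal npm packages that a given .npmrc would let resolve from a public registry."""

# Constructed .npmrc: the @acme scope is pinned to a private registry,
# everything else still resolves from the public registry.
NPMRC_SCOPED = """
@acme:registry=https://npm.internal.example/
registry=https://registry.npmjs.org/
"""

# Constructed weak variant: no scope mapping at all, so an unscoped
# internal name such as "acme-billing" is looked up publicly.
NPMRC_UNSCOPED = """
registry=https://registry.npmjs.org/
"""

PRIVATE_REGISTRY = "https://npm.internal.example/"
INTERNAL_NAMES = {"@acme/billing", "acme-billing"}          # assumed internal packages
DEPENDENCIES = ["@acme/billing", "acme-billing", "lodash"]  # assumed manifest


def parse_npmrc(text):
    """Return (default_registry, {scope: registry}) from .npmrc key=value lines."""
    default, scopes = None, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")):
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "registry":
            default = value
        elif key.startswith("@") and key.endswith(":registry"):
            scopes[key[: -len(":registry")]] = value
    return default, scopes


def registry_for(name, default, scopes):
    """Registry npm would query for `name`: the scope's registry if mapped, else the default."""
    if name.startswith("@"):
        return scopes.get(name.split("/", 1)[0], default)
    return default


def find_confusable(deps, npmrc, private_registry, internal_names):
    """Internal dependencies whose resolution is not pinned to the private registry."""
    default, scopes = parse_npmrc(npmrc)
    return [
        d for d in deps
        if d in internal_names
        and not (registry_for(d, default, scopes) or "").startswith(private_registry)
    ]
```

Run `find_confusable` on a real manifest and `.npmrc` in CI; any name it returns is a candidate for scoping under an organisation scope mapped to the private registry.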
