Dependency Confusion – A New Attack Technique

Tech giants Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber have recently fallen victim to a new supply chain exploit technique called dependency confusion after a researcher executed counterfeit code on their networks.

What is dependency confusion?

Software is developed using a variety of packages collected to build applications. These packages are sourced in-house, purchased from third-party suppliers, and downloaded from public sources.

A common hybrid configuration pulls both private and publicly available packages, and these are downloaded automatically. When dependencies are installed, package managers such as pip (Python) and npm (Node.js) look to the internet to find them. If an attacker has registered a public package with the same name as a private one, the package manager can fetch the attacker’s package, containing malicious code, instead of the private one. This is called a dependency confusion attack – another supply chain vulnerability.
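To make the mechanism concrete, the following added example (not code from the article or from Birsan’s research) simulates two resolution strategies over constructed package indexes. The first mirrors what pip does when a private index is supplied with --extra-index-url: every index is consulted and the highest version wins, whichever index it came from, so a public package squatting an internal name with a large version number is selected. The second only ever fetches names known to be internal from the private index, which is the single-authoritative-source mitigation. A small collision check flags internal names that also appear publicly, which is the inventory a defender wants before an attacker supplies it. The package names and version numbers are constructed; no network access is needed.

```python
"""Simulated dependency resolution: vulnerable merged lookup vs. pinned lookup.

Constructed sample data only; the package names below are hypothetical.
"""
from typing import Dict, List, Optional, Set, Tuple

# Constructed indexes: package name -> available version strings.
PRIVATE_INDEX: Dict[str, List[str]] = {
    "acme-auth-utils": ["1.4.0", "1.5.2"],
    "acme-billing": ["0.9.1"],
}
PUBLIC_INDEX: Dict[str, List[str]] = {
    "requests": ["2.25.1", "2.26.0"],
    # Constructed squatting package: same name as an internal one, absurdly high version.
    "acme-auth-utils": ["99.0.0"],
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn 'MAJOR.MINOR.PATCH' into a comparable tuple (toy PEP 440 subset)."""
    return tuple(int(part) for part in v.split("."))


def resolve_merged(name: str) -> Optional[Tuple[str, str]]:
    """Vulnerable behaviour: consult every index and take the highest version.

    This is what pip does with --extra-index-url, which is why a public
    package with a higher version number displaces the private one.
    Returns (source, version) or None if the name is unknown everywhere.
    """
    candidates = []
    for source, index in (("private", PRIVATE_INDEX), ("public", PUBLIC_INDEX)):
        for v in index.get(name, []):
            candidates.append((parse_version(v), source, v))
    if not candidates:
        return None
    _, source, version = max(candidates)  # highest version wins, origin ignored
    return source, version


def resolve_pinned(name: str, internal_names: Set[str]) -> Optional[Tuple[str, str]]:
    """Hardened behaviour: internal names come only from the private index.

    Anything not on the internal allowlist is fetched from the public index,
    so a public squat of an internal name can never be selected.
    """
    if name in internal_names:
        source, index = "private", PRIVATE_INDEX
    else:
        source, index = "public", PUBLIC_INDEX
    versions = index.get(name, [])
    if not versions:
        return None
    return source, max(versions, key=parse_version)


def find_collisions(private: Dict[str, List[str]], public: Dict[str, List[str]]) -> List[str]:
    """Detection: internal package names that also exist on the public index."""
    return sorted(set(private) & set(public))


if __name__ == "__main__":
    internal = set(PRIVATE_INDEX)
    for pkg in ("acme-auth-utils", "acme-billing", "requests"):
        print(f"{pkg:16} merged={resolve_merged(pkg)}  pinned={resolve_pinned(pkg, internal)}")
    print("name collisions:", find_collisions(PRIVATE_INDEX, PUBLIC_INDEX))
```

In the merged strategy, acme-auth-utils resolves to the public 99.0.0 squat; in the pinned strategy it resolves to the private 1.5.2, and requests still comes from the public index as intended. The same idea applies to npm, where a private scope (an @org/ prefix bound to a private registry in .npmrc) plays the role of the internal allowlist.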

This inherent design flaw of open-source development tools ultimately allows this kind of attack to be used to adversely affect the application development process. Therefore, it is a cause of serious concern for many organizations.

Who is vulnerable to a dependency confusion attack?

If you download code from a public open-package index website (such as npm and PyPI) in the process of developing apps, you could be at risk.

Dependency confusion – a case that got everyone talking

Recently, cybersecurity researcher and bug hunter Alex Birsan exploited the possibility that software might contain elements from both public and private sources. He asked the questions:

  • What happens if malicious code is uploaded to npm under these names? Is it possible that some of PayPal’s internal projects will start defaulting to the new public packages instead of the private ones?
  • Will developers, or even automated systems, start running the code inside the libraries?
  • If this works, can we get a bug bounty out of it?
  • Would this attack work against other companies too?

Birsan successfully managed to breach over 35 internal systems after discovering numerous private module names and registering packages with the same names on public repositories such as npm and RubyGems. To find out the precise actions Birsan took, check out his Medium article, in which he provides detailed insights into his process.

Since his discovery, Birsan has been awarded over $130,000 in bug bounties for his efforts. Following his disclosure, however, countless new bogus npm packages have appeared, apparently published by copycat researchers, some of whom likely have bad intentions.

What does this mean for the future?

Microsoft has since released a whitepaper to warn companies of this new attack technique, and many have responded accordingly by remediating this vulnerability and attempting to prevent it. However, Birsan himself said, “I still get the feeling that there is more to discover. Specifically, I believe that finding new and clever ways to leak internal package names will expose even more vulnerable systems, and looking into alternate programming languages and repositories to target will reveal some additional attack surfaces for dependency confusion bugs.”

Just days after Birsan disclosed his technique, a novel supply chain attack using it was detected.

Tech organizations must be vigilant. This new kind of vulnerability, now well established, is one that every developer should be aware of, as its repercussions can be severe.