With the introduction of 3rd party libraries in modern software development processes in recent years, a high level of convenience is provided. Software developers can take action much faster and act more flexibly in the current process. With this convenience, software developers can quickly solve their work with NPM, Pypi, Maven-type package managers. But there is a problem here. "Every innovation brings with it one or many flaws." One of these risks is the Dependency Confusion vulnerability that has become popular in recent years.

Table of Contents

  • Introduction
  • What is Dependency Confusion?
  • Historical Background
  • Technical Details
  • POC Study
  • Prevention Methods
  • Future Scenario
  • Conclusion

What is Dependency Confusion?

Dependency Confusion is a security flaw that happens when packages from a company's private repository are mistakenly published to public repositories under the same name but with a higher version number. This kind of attack takes advantage of how package managers typically operate.

A standard dependency confusion attack unfolds in a few key steps:

  • The target organization relies on its private packages.
  • The attacker identifies the names of these specific packages.
  • They then upload packages with the same name to public repositories, but with higher version numbers.
  • The package manager, following its usual preference for higher versions, opts for the malicious package.
  • As a result, the harmful code begins executing on the target system.
Dependency Confusion Attack Steps
Dependency Confusion Attack Flow

Historical Background

This attack actor first emerged in 2021 with a researcher named Alex Birsan. With the article he published, he showed that he was able to infiltrate the systems of large companies such as Apple, Microsoft, Paypal by using the "Dependency Confusion" vulnerability.

Technical Details

Behavior of package managers

# Example package.json
{
  "dependencies": {
    "@company/internal-utils": "1.0.0",
    "express": "4.17.1"
  }
}

Version strategy

# Insecure version usage
dependencies = {
    "internal-package": "^1.0.0"  # Any version within the major version
}

# Secure version usage
dependencies = {
    "internal-package": "1.0.0"  # definitive version
}

POC Study

Malicious package structure

class SystemCollector:
    def __init__(self):
        self.data = self._collect_system_info()
        self._exfiltrate_data()
    
    def _collect_system_info(self):
        return {
            "hostname": socket.gethostname(),
            "platform": platform.platform(),
            "environment": os.environ,
            "ssh_keys": self._find_ssh_keys(),
            "api_tokens": self._scan_for_tokens()
        }

Sample Output

Sample Data Collection Output
Sample Data Collection Output

So what data can you collect?

  • System information
  • Environment variables
  • Sensitive files
  • Network configuration
  • API keys

So how is the difficulty of detection ensured?

  • Minimal code base
  • Functionality that mimics the real package
  • Hidden data collection mechanisms
  • Encrypted communication

Prevention Methods

Prevention Methods Diagram
Prevention Methods Overview

Package registration configuration

# .npmrc
@company:registry=https://npm.company.com
always-auth=true

# pip.conf
[global]
index-url = https://pypi.company.com/simple

Version locking

# requirements.txt
company-internal-utils==1.0.0

# package.json
{
  "dependencies": {
    "@company/internal-utils": "1.0.0"
  }
}

Future Scenario

Dependency confusion attacks are becoming more sophisticated with the rise of AI and automation technologies. Attackers are leveraging AI-powered systems that can automatically identify private package repositories and disguise malicious packages to look legitimate. For instance, an attacker might use a model that analyzes the behavior of a company's private packages to create harmful packages that mimic the same APIs and functions.

On the flip side, defense mechanisms are also evolving. Blockchain-based package verification transparently confirms the source and integrity of each package. AI-driven anomaly detection can catch even the slightest deviations in package behavior. Meanwhile, zero-trust package management continuously questions the reliability of every package, allowing only verified packages to be loaded.

Conclusion

At the end of the day, as we mentioned at the beginning of this article, new technologies bring new vulnerabilities. This fertility level does not vary much. Because the basic logic is that "every new technology needs its own security".

If we had to summarize the article, today there is definitely a need for a tightened repository manager for dependency security and an SCA solution for scanning packages hosted on that manager. There are SCA and repository management products that are available as open source, free version when enterprise cost is considered. As a person who has used many different solutions, repository manager is sufficient for free use. But unfortunately there is a serious quality difference when comparing free and enterprise SCA solutions.

Stay Safe.