Supply Chain Attack
Intermediate
Attackers compromise software by poisoning the dependencies you trust. Identify typosquatted packages, dependency confusion vulnerabilities, and malicious install scripts before they compromise your build pipeline.
Typosquatting
One of these dependencies is a typosquat. Click the malicious package.
// package.json
{
  "dependencies": {
    "react": "^18.2.0",
    "next": "^14.1.0",
    "axios": "^1.6.2",
    "lodahs": "^4.17.21",
    "express": "^4.18.2",
    "dotenv": "^16.3.1",
    "mongoose": "^8.0.3",
    "jsonwebtoken": "^9.0.2",
    "bcrypt": "^5.1.1",
    "cors": "^2.8.5"
  }
}