DepConfuse: Shielding Your Packages from Dependency Confusion Attacks

By Akhil Mahendra, Harsh Varagiya, Sourav Kumar, Akshansh Jaiswal on 11 Dec 2025 @ Blackhat: Arsenal
#supply-chain #dependency-management #package-security #open-source-security #supply-chain-security
Focus Areas: Software Supply Chain Security, Vulnerability Management
This tool demo covers the following tools that the speakers have authored or contributed to:
DEPCONFUSE

Abstract

DepConfuse helps shield packages from dependency confusion attacks, where attackers publish malicious packages to public registries with names that match internal private package names, causing package managers to pull the malicious version. The tool assists organizations in detecting and mitigating such supply chain risks.
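To make the resolution behaviour described in the abstract concrete, here is an added example (written for this listing, not DepConfuse's own code) that models a resolver merging a private and a public index, audits internal names for public-registry collisions, and shows the private-only resolution that closes the gap. All package names, versions and registry contents are constructed.

```python
# Added example, not part of DepConfuse. Models dependency-confusion resolution
# and a defensive audit of internal package names. All data below is constructed.
from typing import NamedTuple


def parse_version(v: str) -> tuple:
    """Turn '1.2.3' into (1, 2, 3) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


class Finding(NamedTuple):
    name: str
    internal: str
    public: str
    resolves_to_public: bool  # True if a highest-version-wins resolver picks the public copy


def audit(internal: dict, public: dict) -> list:
    """Flag internal names that also exist on the public registry.

    internal: {name: version in the private registry}
    public:   {name: highest version on the public registry}
    A shared name is a collision; if the public version is higher, a resolver that
    merges both indexes and prefers the newest release installs the public copy.
    """
    findings = []
    for name, ver in sorted(internal.items()):
        if name in public:
            wins = parse_version(public[name]) > parse_version(ver)
            findings.append(Finding(name, ver, public[name], wins))
    return findings


def resolve(name: str, internal: dict, public: dict, private_only: bool = False) -> str:
    """Return which registry a resolver would install `name` from.

    Default mode merges both indexes and takes the highest version (the confusable
    behaviour). private_only=True is the mitigation: a name that exists in the
    private registry is never looked up on the public one.
    """
    candidates = []
    if name in internal:
        candidates.append((parse_version(internal[name]), "private"))
    if name in public and not (private_only and name in internal):
        candidates.append((parse_version(public[name]), "public"))
    if not candidates:
        raise LookupError(name)
    return max(candidates)[1]  # ties are not expected in the constructed data


# Constructed sample registries (hypothetical names and versions)
INTERNAL = {"acme-auth-lib": "1.4.0", "acme-billing": "2.0.1", "acme-tools": "0.9.0"}
PUBLIC = {"acme-auth-lib": "99.0.0", "acme-tools": "0.3.0", "requests": "2.32.0"}

if __name__ == "__main__":
    for f in audit(INTERNAL, PUBLIC):
        status = "AT RISK" if f.resolves_to_public else "collision"
        print(f"{f.name}: internal {f.internal}, public {f.public} -> {status}")
    print(resolve("acme-auth-lib", INTERNAL, PUBLIC))                     # public
    print(resolve("acme-auth-lib", INTERNAL, PUBLIC, private_only=True))  # private
```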

Presented at Black Hat Europe 2025 Arsenal, December 8-11, London. This tool was scheduled in two Arsenal sessions at the same conference (see also schedule #48408 ).