Dependency Confusion Exploit Being Used to Create More Copycat Packages
After the release of a proof-of-concept for a new dependency confusion vulnerability by a researcher, hundreds of bogus npm packages have popped up targeting Amazon, Zillow, Lyft, and Slack NodeJS apps.
