https://github.com/viralvaghela/dependency_confusion_checker
A Tool to check dependency confusion vulnerability
- Host: GitHub
- URL: https://github.com/viralvaghela/dependency_confusion_checker
- Owner: viralvaghela
- Created: 2022-06-12T05:08:24.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2022-09-01T15:04:58.000Z (about 3 years ago)
- Last Synced: 2025-02-18T11:16:32.539Z (8 months ago)
- Topics: dependencies, dependency, dependency-confusion, dependency-injection, npm
- Language: Python
- Homepage:
- Size: 12.7 KB
- Stars: 0
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# dependency_confusion_checker
A tool to check for dependency confusion vulnerabilities.

## What is Dependency Confusion?

A dependency confusion attack (also called a supply chain substitution attack) occurs when a software installer script is tricked into pulling a malicious package from a public repository instead of the intended package of the same name from an internal repository. For more information, read this [article](https://dhiyaneshgeek.github.io/web/security/2021/09/04/dependency-confusion/).
```text
usage: dependency_confusion_checker.py [-h] [-w WRITE] [-t {outdated,updated,phantom}] [-q] [-cv] url

Dependency Confusion Checker

positional arguments:
  url                   URL of package.json file.

optional arguments:
  -h, --help            show this help message and exit
  -w WRITE, --write WRITE
                        Write output to a file. (default = stdout)
  -t {outdated,updated,phantom}, --type {outdated,updated,phantom}
                        Write only certain type of packages to file. (default = all)
  -q, --quiet           Suppress output
  -cv, --check-vulns    Check packages for known vulnerabilities (default = off)
```
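The check the tool performs needs the public registry; the following is an added example (not the project's code and not on the page) that shows the defender's side of the same problem offline: given a `package.json`, the organisation's `.npmrc`, and a list of packages that are published only to the private registry, it reports which internal names are exposed to substitution because they are unscoped or because their scope is not pinned to the private registry. The sample `package.json`, `.npmrc`, internal package list and the `acme` names are all constructed for the example.

```python
"""Added example, not the dependency_confusion_checker project's own code.

Classify each dependency in a package.json by its exposure to dependency
confusion, using only local inputs: the manifest, the .npmrc that controls
registry resolution, and a constructed list of packages that exist only on
the organisation's private registry.
"""
import json
import re

# Constructed sample manifest for a hypothetical internal project.
SAMPLE_PACKAGE_JSON = """{
  "name": "acme-billing",
  "dependencies": {
    "express": "^4.18.2",
    "acme-auth-client": "1.4.0",
    "@acme/logger": "2.0.1",
    "lodash": "^4.17.21"
  },
  "devDependencies": {
    "acme-test-utils": "0.3.0",
    "jest": "^29.0.0"
  }
}"""

# Constructed list of names published only to the private registry (assumption:
# the defender maintains such an inventory).
INTERNAL_PACKAGES = {"acme-auth-client", "@acme/logger", "acme-test-utils"}

# Constructed .npmrc: only the @acme scope is routed to the private registry,
# so every unscoped name falls back to the public default registry.
SAMPLE_NPMRC = """registry=https://registry.npmjs.org/
@acme:registry=https://npm.internal.example/
//npm.internal.example/:_authToken=${NPM_TOKEN}
"""

SCOPE_RE = re.compile(r"^@([^/]+)/")


def parse_scoped_registries(npmrc_text):
    """Return {scope: registry_url} for every '@scope:registry=' line in .npmrc."""
    scopes = {}
    for line in npmrc_text.splitlines():
        line = line.strip()
        if line.startswith("@") and ":registry=" in line:
            scope, registry = line.split(":registry=", 1)
            scopes[scope.lstrip("@")] = registry
    return scopes


def all_dependencies(pkg):
    """Merge every dependency section that an installer would resolve."""
    deps = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        deps.update(pkg.get(section, {}))
    return deps


def classify(package_json_text, npmrc_text, internal_names):
    """Map each dependency name to one of:
    'public'            - not an internal package, resolved from the public registry
    'unscoped-internal' - internal name with no scope, so a same-name public
                          package could be substituted
    'scope-not-pinned'  - scoped internal name whose scope has no registry entry
    'pinned'            - scoped and routed to the private registry
    """
    pkg = json.loads(package_json_text)
    scoped_registries = parse_scoped_registries(npmrc_text)
    findings = {}
    for name in all_dependencies(pkg):
        if name not in internal_names:
            findings[name] = "public"
            continue
        m = SCOPE_RE.match(name)
        if m is None:
            findings[name] = "unscoped-internal"
        elif m.group(1) not in scoped_registries:
            findings[name] = "scope-not-pinned"
        else:
            findings[name] = "pinned"
    return findings


def at_risk(findings):
    """Sorted list of names a maintainer should scope and pin to the private registry."""
    return sorted(n for n, s in findings.items()
                  if s in ("unscoped-internal", "scope-not-pinned"))


if __name__ == "__main__":
    result = classify(SAMPLE_PACKAGE_JSON, SAMPLE_NPMRC, INTERNAL_PACKAGES)
    for name, status in sorted(result.items()):
        print(f"{name:20} {status}")
    print("at risk:", at_risk(result))
```

The two statuses worth acting on are `unscoped-internal` and `scope-not-pinned`: the usual mitigation for both is to publish the package under an organisation scope and add an `@scope:registry=` line to `.npmrc` so the installer never consults the public registry for that scope.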