Dependency confusion and typosquatting attacks are very similar in nature. Both exploit a weakness in the way many package managers identify packages: by name alone. Successfully exploiting this weakness enables the attacker to run arbitrary code at install time or at the application’s run time. These attacks are scalable, portable, and extremely cost-effective to carry out—making them very appealing to malicious actors.
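As an added example (not from the original article), the following audit shows how both problems appear when a dependency list is resolved by name alone. It flags internal names that also exist on a public index and names one edit away from a well-known package. All package names and sets are constructed sample data, and `audit` and its parameters are hypothetical.

```python
import re

def normalize(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, runs of '-', '_', '.' are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: an adjacent swap counts as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def audit(declared, internal, public_index, popular):
    """Return {name: finding} for dependencies a name-only lookup could mis-resolve."""
    internal_n = {normalize(n) for n in internal}
    public_n = {normalize(n) for n in public_index}
    popular_n = {normalize(n) for n in popular}
    findings = {}
    for raw in declared:
        name = normalize(raw)
        if name in internal_n:
            # Same name in two registries: the resolver may pick the public one.
            if name in public_n:
                findings[raw] = "confusion: internal name also exists on public index"
            continue
        if name in popular_n:
            continue
        # Not a known package, but one edit from one: likely a typo.
        near = sorted(p for p in popular_n if edit_distance(name, p) == 1)
        if near:
            findings[raw] = f"typosquat candidate: one edit from {near[0]}"
    return findings

# Constructed sample data, for illustration only.
DECLARED = ["requests", "reqeusts", "acme-billing", "Acme_Utils", "numpy"]
INTERNAL = {"acme-billing", "acme-utils"}
PUBLIC_INDEX = {"requests", "numpy", "acme-utils", "reqeusts"}
POPULAR = {"requests", "numpy"}

if __name__ == "__main__":
    for dep, why in audit(DECLARED, INTERNAL, PUBLIC_INDEX, POPULAR).items():
        print(f"{dep}: {why}")
```
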