dep_conf v9.1.2
Published 4 years ago
License: UNLICENSED

To reproduce dependency confusion.

For instance, the main culprit of Python dependency confusion appears to be the incorrect usage of an “insecure by design” command-line argument called --extra-index-url. When using this argument with the pip install command to specify your own package index, you may find that it works as expected, but what pip actually does behind the scenes goes something like this:

1. Checks whether the library exists on the specified (internal) package index.

2. Checks whether the library exists on the public package index (PyPI).

3. Installs whichever version is found. If the package exists on both, it defaults to installing from the source with the higher version number.
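The following is an added audit example (not code from the dep_conf package) that models the highest-version rule above: given what each index advertises, it reports which index pip would pick for every requirement and flags internal names that the public copy would outrank. The index inventories, package names and requirement lines are constructed sample data; pins and hash checking are not modelled.

```python
"""Audit requirement lines for the --extra-index-url resolution rule (constructed example)."""
import re

# Hypothetical inventories of what each index advertises (constructed sample data).
INTERNAL_INDEX = {"acme-auth": ["1.4.0", "1.5.2"], "acme-utils": ["0.9.1"]}
PUBLIC_INDEX = {"acme-auth": ["99.0.0"], "requests": ["2.31.0"]}

# Constructed requirements file: the extra index adds PyPI-style candidates to the internal ones.
SAMPLE_REQUIREMENTS = [
    "--extra-index-url https://pypi.internal.example/simple",
    "acme-auth",
    "acme-utils==0.9.1",
    "requests",
]

def parse_version(text):
    """Compare dotted numeric versions as integer tuples (a simplification of PEP 440)."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def uses_extra_index(requirement_lines):
    """True if any line adds a second index with --extra-index-url (pip then merges both)."""
    return any(line.strip().startswith("--extra-index-url") for line in requirement_lines)

def resolve(name, internal, public, extra_index):
    """Mimic pip: with an extra index every candidate from both indexes competes and the highest version wins.
    Without it we assume --index-url points only at the internal index, so PyPI is never consulted."""
    candidates = [("internal", v) for v in internal.get(name, [])]
    if extra_index:
        candidates += [("public", v) for v in public.get(name, [])]
    if not candidates:
        return None
    return max(candidates, key=lambda c: parse_version(c[1]))

def audit(requirement_lines, internal=INTERNAL_INDEX, public=PUBLIC_INDEX):
    """Return {package: (winning_index, version, at_risk)}; at_risk means a name that exists
    internally would be served from the public index because its version number is higher."""
    extra = uses_extra_index(requirement_lines)
    report = {}
    for line in requirement_lines:
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # skip blanks, comments and pip options
        name = re.split(r"[=<>!~ \[]", line, maxsplit=1)[0].lower()
        winner = resolve(name, internal, public, extra)
        if winner is not None:
            source, version = winner
            report[name] = (source, version, source == "public" and name in internal)
    return report

if __name__ == "__main__":
    for pkg, (src, ver, risk) in audit(SAMPLE_REQUIREMENTS).items():
        print(f"{pkg}: {ver} from {src}{'  <-- confusion risk' if risk else ''}")
```

Running it shows acme-auth served from the public index at 99.0.0 despite an internal 1.5.2; removing the --extra-index-url line (or serving everything through one --index-url proxy that prefers internal names) makes the internal copy win.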