0.0.1-security • Published 2 years ago
dependency-confusion-fossa-example v0.0.1-security
Dependency Confusion Attack Distributed via VSCode
This project demonstrates dependency confusion attack via microsoft published vscode extensions.
Quick Start
- start dns server:
yarn dialTone
- mimic installation postinstall script with
yarn phoneHome
(updatenameServers
indigger.ts
to refer to the correct IP address. Remember to rebuild the project for this to work)