
Episode 535: Dan Lorenc on Supply Chain Attacks
Software Engineering Radio - the podcast for professional software developers
Is Dependency Confusion Really a Threat?
A lot of companies have rightly recognized that using code directly from open source and public repositories does come with some risks. But as soon as you have a network connection, you can't really trust that the data stays private. The famous dependency confusion attack used DNS requests or something like that, which aren't commonly flagged by firewalls. It's one of the worst types of vulnerabilities of a two-in-attack or as long as they can guess the names of your packages.
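As an added example (not from the episode or its guest), the following check looks for the exposure described above in an npm lockfile: any package whose name belongs to the organisation's internal namespace should resolve from the private registry, not from the public one. The registry host, the internal package names and the sample lockfile are constructed assumptions.

```python
"""Flag internal packages that a lockfile resolves from a public registry.

Dependency confusion works because an installer that is allowed to consult a
public registry may pick a public package carrying an internal name.  A lockfile
records where each package was actually fetched from, so auditing the resolved
host per internal name gives a cheap, offline detection.
"""
import json
from urllib.parse import urlparse

PRIVATE_REGISTRY_HOST = "npm.internal.example"              # assumed private registry
INTERNAL_PACKAGES = {"acme-build-tools", "@acme/auth-client"}  # assumed internal names

# Constructed sample package-lock.json (lockfileVersion 3 layout: "packages" keyed
# by install path).  acme-build-tools was resolved from the public registry.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/acme-build-tools": {
            "version": "1.4.2",
            "resolved": "https://registry.npmjs.org/acme-build-tools/-/acme-build-tools-1.4.2.tgz",
        },
        "node_modules/@acme/auth-client": {
            "version": "2.0.1",
            "resolved": "https://npm.internal.example/@acme/auth-client/-/auth-client-2.0.1.tgz",
        },
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
        },
    },
})


def package_name(install_path: str) -> str:
    """Return the package name from a lockfile path such as
    'node_modules/a/node_modules/@scope/b' (handles nesting and scopes)."""
    return install_path.split("node_modules/")[-1]


def find_confusable(lock_json: str, internal: set, private_host: str) -> list:
    """Return one finding per internal package not resolved from private_host.
    A missing 'resolved' field is reported too, since provenance is then unknown."""
    findings = []
    for path, meta in json.loads(lock_json).get("packages", {}).items():
        if not path:
            continue  # the root project entry, not a dependency
        name = package_name(path)
        if name not in internal:
            continue
        host = urlparse(meta.get("resolved", "")).hostname or "<none>"
        if host != private_host:
            findings.append({"name": name, "version": meta.get("version"), "host": host})
    return findings
```

Running `find_confusable(SAMPLE_LOCK, INTERNAL_PACKAGES, PRIVATE_REGISTRY_HOST)` on the sample reports `acme-build-tools` as fetched from `registry.npmjs.org`; in a real pipeline this belongs in CI next to the lockfile diff.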