Recently, a novel supply-chain attack was published by security researcher
Alex Birsan, detailing how dependency confusion (or "name-squatting") in
package managers can be misused in order to execute malicious code on
production and development systems.
In short, most package managers such as pip and npm do not distinguish
between internal packages (hosted on internal company servers) and external
ones (hosted on public servers). [...]