Dependency Combobulator
Updated Jan 10, 2024 - Python
Dependency Confusion Security Testing Tool
DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack.
Tool for checking potential dependency confusion
A tool to investigate Dependency Confusion in Artifactory
Auto-archived due to inactivity. Yorkshire is your friend: Yorkshire checks Python's requirements files for possible dependency confusion.
Detect potential typosquatting packages across package ecosystems
Python-based tool for identifying potential dependency confusion vulnerabilities in JavaScript (`package.json`) and Python (`requirements.txt`) projects
npm PoC packages
High-performance Go tool for detecting Dependency Confusion vulnerabilities by scanning JavaScript files and checking unclaimed packages on npm registry.
Chrome extension to detect dependency confusion vulnerabilities in GitHub repositories (NPM, PyPI, Ruby)
Simple bash dependency confusion checker (npm, python and ruby)
Demonstration of Dependency Confusion applied to .NET and NuGet
Project to handle requests from malicious PoC of Dependency Confusion or Similar Name packages. Also can be used to generate those packages (gem, npm, pip).
DependencyConfusion is a tool used for finding any library used by the project that might be vulnerable to a dependency confusion attack.
Compilation of articles and utils about Software Supply Chain Security
Won 🏆 Best Technical Depth Award @ LikeLion Hackathon 2026. Agentic install-time supply-chain security for npm and PyPI. Multi-agent verdicts, local registry proxy, honest Wilson-CI benchmarks.
Dependency confusion scanner for bug bounty — extracts package names from JS files, manifest files & GitHub repos, checks registries, auto-claims unclaimed packages with Telegram alerts.
Claude Code skill that hardens package manager configs against supply chain attacks. Run /harden once, it detects what you have and secures it.