This package implements a test for Dependency Confusion using pip.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for MauriceLambert from gravatar.com MauriceLambert

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GPL-3.0 License
  • Author: Maurice Lambert
  • Maintainer: Maurice Lambert
  • Tags DependencyConfusion , Dependency , Confusion , Vulnerability , POC , pip , packages , CVE
  • Requires: Python >=3.6
Classifiers
Report project as malware

Project description

DependencyConfusion

Description

This package implements a test for Dependency Confusion using pip.

  1. The version 0.0.2 is available on test.pypi.org.
  2. The version 0.0.2 and 666 are available on pypi.org.
  3. In the scenario you want to install version 0.0.2 available on test.pypi.org and you use the pip --extra-index-url option to install it.
  4. During installation, a window will open to tell you which version is being installed... theoretically version 666 available on pypi.org will be installed if your pip version is vulnerable to dependency confusion.

Requirements

This package require:

  • python3
  • python3 Standard Library

Installation

pip install --extra-index-url https://test.pypi.org/simple/ DependencyConfusion

Links

Licence

Licensed under the GPL, version 3.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for MauriceLambert from gravatar.com MauriceLambert

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GPL-3.0 License
  • Author: Maurice Lambert
  • Maintainer: Maurice Lambert
  • Tags DependencyConfusion , Dependency , Confusion , Vulnerability , POC , pip , packages , CVE
  • Requires: Python >=3.6
Classifiers

Release history Release notifications | RSS feed

This version

666

0.0.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

DependencyConfusion-666.tar.gz (3.5 kB view details)

Uploaded Source

File details

Details for the file DependencyConfusion-666.tar.gz.

File metadata

  • Download URL: DependencyConfusion-666.tar.gz
  • Upload date:
  • Size: 3.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.6.1 requests/2.25.0 setuptools/59.6.0 requests-toolbelt/0.9.1 tqdm/4.54.1 CPython/3.9.11

File hashes

Hashes for DependencyConfusion-666.tar.gz
Algorithm Hash digest
SHA256 037589b90c04e5e7d6c569cafced297ee93d5ec4de97596b8df2862ce50e69d9
MD5 03f3fe2ab78bbc5aa8d6e43334500e25
BLAKE2b-256 00d908c6d91608ed3614bfc927b47593919ceb4962b0fa92f98cfdcd4b9c4e78

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page