Exclude Patterns in Remote Repositories

Yet Another Case for Using Exclude Patterns in Remote Repositories: Namespace Shadowing (a.k.a. “Dependency Confusion”) Attack

Update: June 1, 2021. You asked, we delivered! Even easier protection against dependency confusion attacks! Read more — Going Beyond Exclude Patterns: Safe Repositories With Priority Resolution.

TL;DR: The npm Registry is vulnerable to supply chain namespace shadowing, also known as “Dependency Confusion” attacks. Make sure you create npm scoped packages and force exclude patterns.

Long-time …