📄️ Intentional vulnerabilities and backdoors
📄️ Dependency Confusion - package substitution attacks
This article is a work in progress.
📄️ Typosquatting
A malicious actor publishes a package whose name closely resembles that of a popular OSS component, to trick developers into downloading it.