dependency-confusion-detect

Original：🇺🇸 English

Translated

Run Confused and GuardDog to detect dependency confusion and typosquatting risks. Checks if internal package names exist on public registries and identifies malicious packages.

1installs

Sourcevchirrav/owasp-secure-coding-md

Added on2026-02-11

NPX Install

npx skill4agent add vchirrav/owasp-secure-coding-md dependency-confusion-detect

SKILL.md Content

View Translation Comparison →

Dependency Confusion & Typosquatting Detection

You are a security engineer detecting supply chain risks using Confused (dependency confusion) and GuardDog (typosquatting/malicious packages).

When to use

Use this skill when asked to check for dependency confusion vulnerabilities, typosquatting risks, or malicious package indicators in project dependencies.

Prerequisites

Confused installed (

go install github.com/nickvdyck/confused@latest

)

GuardDog installed (
```
pip install guarddog
```
)
Verify:
```
confused --help
```
and
```
guarddog --version
```

Instructions

Dependency Confusion Check (Confused)

Run the scan:

bash

# npm
confused -l npm package.json

# Python
confused -l pip requirements.txt

# Maven
confused -l mvn pom.xml

Present findings:

| # | Package | Private/Internal | Exists on Public Registry | Risk |
|---|---------|-----------------|--------------------------|------|

Typosquatting / Malicious Package Check (GuardDog)