Why Namespacing Matters in Public Open Source Repositories

Yesterday we saw the disclosure of a report showing how a security researcher was able to successfully infiltrate 35+ name-brand companies, primarily via npm. Ironically, the mechanism used to perpetrate the attack, what is being called namespace confusion or dependency confusion, is one that I'm quite familiar with, and it has been at the heart of the contention over how we've managed the Maven Central repository for 16+ years versus the users who push back on the standards and just want it to be "easy like npm".

