@snyksec Tnx for your excellent analysis at snyk.io/blog/npm-depen… and don't worry, the "malicious actor" is one of our interns 😎 who was tasked to research dependency confusion as part of our continuous attack simulations for clients. (1/2)

To clarify your questions: we're trying to mimic realistic threat actors for dedicated clients as part of our Security Intelligence Service and we brought our "own" package manager that supports yarn and npm. Feel free to DM us if you have additional questions. (2/2)

@codewhitesec Your tweet was quoted in an article by theregister go.theregister.com/feed/www.there…

@codewhitesec @snyksec You scared us,danke schon Von aus Uganda