Mantej Rajpal 🇺🇸
@mantej.eth
If you distribute your packages solely via a private PyPI index, an attacker can upload malicious packages with the same name to the public PyPI index. This is textbook dependency confusion. Package managers may then inadvertently download the malicious package from the default public index even if you specify the correct private index URL. https://giraffesecurity.dev/posts/amazon-hat-trick/
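To make the resolution behaviour behind the cast concrete, here is an added toy model (not from the post or the linked write-up) of how pip merges candidates from `--index-url` and `--extra-index-url` with no priority between them, plus two defender-side checks: an audit of which internal names are also claimed publicly, and hash pinning in the spirit of `pip --require-hashes`. The index contents, package name `acme-internal`, and archive bytes are all constructed for the example, and version ordering is simplified to dotted integers rather than full PEP 440.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Candidate:
    name: str
    version: str
    index: str    # index that served this candidate
    sdist: bytes  # constructed archive bytes, stand-in for the real file

def version_key(v: str) -> tuple:
    # Simplified ordering: numeric dotted versions only (pip uses PEP 440).
    return tuple(int(p) for p in v.split("."))

# Constructed index contents. "acme-internal" exists only on the company index
# until someone registers the same name publicly with a huge version number.
PRIVATE = {"acme-internal": [Candidate("acme-internal", "1.4.2", "private", b"real build")]}
PUBLIC = {
    "acme-internal": [Candidate("acme-internal", "99.0.0", "pypi", b"hijacked build")],
    "requests": [Candidate("requests", "2.31.0", "pypi", b"requests")],
}
INDEXES = {"private": PRIVATE, "pypi": PUBLIC}

def resolve(name: str, index_names: list) -> Candidate:
    """Mimic pip: --index-url and every --extra-index-url are merged with no
    priority, and the highest version wins whichever index offered it."""
    cands = [c for idx in index_names for c in INDEXES[idx].get(name, [])]
    if not cands:
        raise LookupError(name)
    return max(cands, key=lambda c: version_key(c.version))

def confusable_names(private: dict, public: dict) -> set:
    """Audit check: internal names that are also claimed on the public index."""
    return {n for n in private if n in public}

def install_with_hash(cand: Candidate, expected_sha256: str) -> str:
    """Hash pinning (as with pip --require-hashes): the download must match the
    hash recorded for the vetted artifact, whatever index served it."""
    actual = hashlib.sha256(cand.sdist).hexdigest()
    if actual != expected_sha256:
        raise ValueError(f"hash mismatch for {cand.name}=={cand.version} from {cand.index}")
    return f"installed {cand.name}=={cand.version} from {cand.index}"

VETTED_HASH = hashlib.sha256(b"real build").hexdigest()  # recorded when 1.4.2 was vetted

if __name__ == "__main__":
    print(resolve("acme-internal", ["private", "pypi"]))  # pypi 99.0.0 wins: confusion
    print(resolve("acme-internal", ["private"]))          # private 1.4.2
    print(confusable_names(PRIVATE, PUBLIC))              # {'acme-internal'}
    print(install_with_hash(resolve("acme-internal", ["private"]), VETTED_HASH))
```

Running it shows the public 99.0.0 candidate winning whenever the public index is merely an extra index, and the hash check rejecting that artifact even when resolution picked it.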