Re: (OT) Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies

Thanks interesting read!

Some thoughts from a Perl perspective (which wasn't mentioned)

companies could restrict their proprietary modules to the same top-namespace like Apple::
build systems could refuse to install from such private namespaces
examples like My:: or Our:: come into mind as private by default
CPAN could deny releases into "private namespaces" or similar
another option for privacy could be leading underscores package _CompanyModule;

Disclaimer: I didn't thoroughly check if any of this is already done. But I found at least one module released under My::Object

Cheers Rolf
_{(addicted to the Perl Programming Language :)

Wikisyntax for the Monastery}

Comment on Re: (OT) Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies Select or Download Code

Replies are listed 'Best First'.
Re^2: (OT) Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies by Corion (Patriarch) on Mar 07, 2021 at 11:42 UTC
The simple approach is to run your own CPAN mirror and only import modules there that you have previously vetted. Randomly pulling down packages from the internet is not a good strategy, no matter what assurances CPAN provides.	[reply]
Re^3: (OT) Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies by LanX (Saint) on Mar 07, 2021 at 11:45 UTC
Managing this reliably in a mid-sized team is already hard, even more in a company. Using a naming convention/namespace for internal stuff can't be wrong. Cheers Rolf _{(addicted to the Perl Programming Language :) Wikisyntax for the Monastery}	[reply]

In Section Perl News