Manifest confusion checker Until a solution is implemented, sysadmin Felix Pankratz has released a Python-based tool that can help software developers check the NPM packages for inconsistencies.

Package hallucination flashbacks These non-existent dependencies represent a threat to the software supply chain by exacerbating so-called dependency confusion attacks.

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were caught stealing SSH and GPG keys from the projects of infected developers.