Outbound Link Summary:
4 years ago
p3k dots

Dependency Confusion: “How I Hacked Into Apple, Microsoft and Dozens of Other Companies.”

The idea was to upload my own “malicious” Node packages to the npm registry under all the unclaimed names, which would “phone home” from each computer they were installed on. If any of the packages ended up being installed on PayPal-owned servers — or anywhere else, for that matter — the code inside them would immediately notify me.
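
The passage above describes the attacker side: an internal-only package name that the public registry has never seen, so whoever publishes it first gets installed. What a practitioner wants next is a quick check of their own manifests for that exposure. The following is an added example written for this summary; it is not code from the linked article, from p3k, or from any npm tooling. It assumes a hypothetical organisation whose internal packages are either the unscoped names in INTERNAL_NAMES or anything under the @acme scope, and whose private registry is https://npm.acme.internal/; the package.json and .npmrc contents are constructed. It flags the three things the article's technique relies on: an internal name that is unscoped (claimable on npmjs.org), a scope that .npmrc does not pin to the private registry, and a floating version range that lets a higher public version outrank the internal one.

```javascript
// Added example (not from the linked article or p3k): an offline audit of a
// package.json + .npmrc pair for dependency-confusion exposure.
// Hypothetical assumptions: internal packages are the unscoped names in
// INTERNAL_NAMES or anything under the @acme scope; the private registry is
// PRIVATE_REGISTRY. All sample inputs below are constructed.

const INTERNAL_SCOPE = "@acme";                                       // assumed
const PRIVATE_REGISTRY = "https://npm.acme.internal/";                // assumed
const INTERNAL_NAMES = new Set(["acme-logger", "pp-analytics-core"]); // assumed

// Constructed package.json standing in for a real service's manifest.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "checkout-service",
  dependencies: {
    express: "^4.18.2",         // public dependency, not an internal name
    "acme-logger": "^2.1.0",    // unscoped internal name: anyone can publish it on npmjs.org
    "@acme/billing": "^1.4.0",  // scoped, but the weak .npmrc maps no registry for @acme
    "@acme/auth": "1.0.3",
  },
  devDependencies: { "pp-analytics-core": "*" },
});

// Weak .npmrc: the scope mapping is commented out, so @acme/* is looked up publicly.
const WEAK_NPMRC = [
  "registry=https://registry.npmjs.org/",
  "# @acme:registry=https://npm.acme.internal/",
].join("\n");

// Hardened .npmrc: every @acme/* request goes to the private registry only.
const HARDENED_NPMRC = [
  "registry=https://registry.npmjs.org/",
  `${INTERNAL_SCOPE}:registry=${PRIVATE_REGISTRY}`,
].join("\n");

// Minimal .npmrc parser: key=value lines, '#' or ';' comments, no ${ENV} expansion.
function parseNpmrc(text) {
  const cfg = {};
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith(";")) continue;
    const eq = line.indexOf("=");
    if (eq < 0) continue;
    cfg[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return cfg;
}

const EXACT_VERSION = /^\d+\.\d+\.\d+$/;

// Returns one finding per problem: { name, issue } where issue is
// "unscoped-internal" | "scope-not-pinned" | "floating-range".
function auditDependencies(packageJsonText, npmrcText) {
  const pkg = JSON.parse(packageJsonText);
  const scopeRegistry = parseNpmrc(npmrcText)[`${INTERNAL_SCOPE}:registry`];
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const findings = [];
  for (const [name, range] of Object.entries(deps)) {
    const scoped = name.startsWith("@");
    const internal = scoped ? name.startsWith(`${INTERNAL_SCOPE}/`) : INTERNAL_NAMES.has(name);
    if (!internal) continue;
    if (!scoped) {
      // The article's scenario: the name exists only internally, so the public
      // registry entry is unclaimed and whoever publishes it first gets installed.
      findings.push({ name, issue: "unscoped-internal" });
    } else if (scopeRegistry !== PRIVATE_REGISTRY) {
      findings.push({ name, issue: "scope-not-pinned" });
    }
    if (!EXACT_VERSION.test(range)) {
      // A floating range lets a higher public version win over the internal one.
      findings.push({ name, issue: "floating-range" });
    }
  }
  return findings;
}

console.log("weak .npmrc:", auditDependencies(SAMPLE_PACKAGE_JSON, WEAK_NPMRC));
console.log("hardened .npmrc:", auditDependencies(SAMPLE_PACKAGE_JSON, HARDENED_NPMRC));
```

Two caveats. Pinning the scope in .npmrc only helps when the private registry does not itself proxy the public one and pick the highest version on a name collision; in that setup the same trick works one hop upstream, and the fix is to claim the internal names on the public registry or to configure the proxy to prefer or restrict to the private source. And a committed lockfile installed with npm ci, which records the resolved URL and integrity hash for each package, is what actually prevents a silently substituted tarball between audits.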

Relevant: For The Love Of All That's Holy, Use CCL To Control Complexity In Your Systems.