Rocket.Chat icon indicating copy to clipboard operation
Rocket.Chat copied to clipboard
verified publisher icon RocketChat

npm packages

Open oxben10 opened this issue 1 month ago • 1 comments

If someone uploads package names related to these names here:

https://github.com/RocketChat/Rocket.Chat/tree/develop/packages

to npm, would there be any problem ?? Could this cause a DEPENDENCY CONFUSION attack ?

oxben10 avatar Dec 05 '25 12:12 oxben10

Any monorepo using local package names that are not also registered on npm is theoretically vulnerable unless the build system strictly enforces local resolution.

MuazzamMukadam avatar Dec 08 '25 08:12 MuazzamMukadam