Backdoor in public repository used new form of attack to target big firms

Dependency confusion attacks exploit our trust in public code repositories.