redesigned-carnival: Package for dependency confusion
Dependency confusion is a software supply chain attack described at https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610. This package was created to investigate whether Cabal is vulnerable to this kind of attack, and possible mitigations.
Downloads
- redesigned-carnival-0.4.0.2.tar.gz [browse] (Cabal source package)
- Package description (as included in the package)
Maintainer's Corner
For package maintainers and hackage trustees
Candidates
| Versions [RSS] | 0.3.0.0, 0.4.0.0, 0.4.0.1, 0.4.0.2, 1.0.0.0 |
|---|---|
| Change log | CHANGELOG.md |
| Dependencies | base (>=4 && <5) [details] |
| License | LicenseRef-PublicDomain |
| Author | Fraser Tweedale |
| Maintainer | frase@frase.id.au |
| Category | ACME |
| Uploaded | by frasertweedale at 2025-04-14T00:09:31Z |
| Distributions | NixOS:1.0.0.0 |
| Downloads | 536 total (4 in the last 30 days) |
| Rating | (no votes yet) [estimated by Bayesian average] |
| Your Rating | |
| Status | Docs available [build log] Last success reported on 2025-04-14 [all 1 reports] |