Package Manager Threat Models

The article explores security threats in package managers that fall outside the scope of CVEs, focusing on risks related to typo-squatting, dependency confusion, malicious packages, and supply chain attacks. It compares how different package ecosystems handle these non-CVE vulnerabilities and discusses the limitations of current security practices.