Dependency confusion occurs when a malicious package with the same name as a private package is published in a public repository, tricking systems into using the malicious version. Learn more here: https://bytesafe.dev/threats/dependency-confusion/