Software Supply Chain Attacks: How Dependencies Become Attack Vectors

Software supply chain attacks compromise a software package or build system so that every application depending on it is automatically infected. The attack surface is enormous: a typical web application has hundreds to thousands of transitive dependencies, each one a trust relationship. Notable examples: SolarWinds (2020, a compromised build system infected 18,000 organizations), event-stream (2018, an npm package handed off by its maintainer to an attacker), and LiteLLM (2026, a GitHub account takeover affecting 97M monthly downloads).

A software supply chain attack compromises a component in the software dependency chain — a library, package, build tool, or distribution system — so that every application using that component is automatically affected. The attacker doesn't need to breach the target directly; they breach something the target trusts.

## Why It Works

Modern software is built on deep dependency trees. A typical web application may have 50-100 direct dependencies, but each of those has its own dependencies, creating a transitive tree of hundreds to thousands of packages. Each package is a trust relationship: you trust that its maintainer, hosting platform, build system, and distribution channel have not been compromised.

## Attack Vectors

**Account takeover:** Compromising a package maintainer's account on a registry (npm, PyPI, RubyGems, Hex) and pushing a malicious version. The LiteLLM attack (2026) used this method — the GitHub owner's account was compromised and version 1.82.8 contained credential-stealing malware.

**Maintainer social engineering:** Convincing a burned-out maintainer to hand off a popular package. In the `event-stream` incident (2018), a popular npm package with 2 million weekly downloads was handed to a new maintainer who added cryptocurrency-stealing code targeting a specific wallet application.

**Build system compromise:** Injecting malware into the build/release pipeline rather than the source code. The SolarWinds attack (2020) inserted a backdoor into the build process of SolarWinds' Orion software, infecting the compiled binaries sent to approximately 18,000 organizations including US government agencies, without altering the source repository.

**Typosquatting:** Publishing malicious packages with names similar to popular ones (e.g., `reqests` instead of `requests`). Automated dependency installation via `pip install` or `npm install` makes typos dangerous.

## The Transitive Problem

You don't need to install the compromised package directly. If any package in your dependency tree depends on it, you're affected. The LiteLLM malware reached developers who had never heard of LiteLLM — it was a transitive dependency of MCP plugins in their AI coding tools.

## Mitigations

Pin dependency versions (prevent automatic updates to compromised versions), audit transitive dependencies regularly, use lock files, verify package signatures where supported, and monitor for unexpected dependency changes. No mitigation is complete — the fundamental problem is that software trust is transitive and the attack surface grows with every dependency added.
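
As an added example (not code from the original page), the sketch below shows one way to monitor a lock file for unexpected changes: it compares two snapshots of a pip-style pinned requirements file and flags unpinned entries, missing hashes, new dependencies, near-miss names such as `reqests`, and a hash that changed while the version did not. The `KNOWN_GOOD` allowlist, the function names, and the sample snapshots are assumptions made for illustration.

```python
import difflib
import re

# Assumption: names the project intends to depend on (hypothetical allowlist).
KNOWN_GOOD = {"requests", "urllib3", "idna", "certifi"}
PIN = re.compile(r"^([A-Za-z0-9._-]+)==(\S+)((?:\s+--hash=\S+)*)$")

def parse_lock(text):
    """Map name -> (version, hashes) for pinned lines, name -> None otherwise."""
    pins = {}
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = PIN.match(line)
        if m:
            hashes = frozenset(re.findall(r"--hash=(\S+)", m.group(3)))
            pins[m.group(1).lower()] = (m.group(2), hashes)
        elif line:  # range specifier or bare name: not pinned
            pins[re.split(r"[<>=!~\s\[;]", line, maxsplit=1)[0].lower()] = None
    return pins

def review(old_text, new_text):
    """Compare two lock snapshots and list changes a reviewer should look at."""
    old, new = parse_lock(old_text), parse_lock(new_text)
    findings = []
    for name, pin in sorted(new.items()):
        if pin is None:
            findings.append(("unpinned", name))
            continue
        version, hashes = pin
        if not hashes:
            findings.append(("no-hash", name))
        if name not in old:
            findings.append(("new-dependency", name))
            near = [] if name in KNOWN_GOOD else difflib.get_close_matches(
                name, KNOWN_GOOD, n=1, cutoff=0.85)
            if near:  # close to, but not equal to, an expected name
                findings.append(("possible-typosquat", f"{name} ~ {near[0]}"))
        elif old[name] is None or old[name][0] != version:
            findings.append(("version-changed", name))
        elif old[name][1] != hashes:
            findings.append(("hash-changed-same-version", name))
    return findings

# Constructed sample snapshots (hashes are placeholders, not real digests).
OLD = "requests==2.31.0 --hash=sha256:aaaa\nurllib3==2.0.7 --hash=sha256:cccc\n"
NEW = ("requests==2.31.0 --hash=sha256:bbbb\nurllib3==2.2.1 --hash=sha256:dddd\n"
       "reqests==1.0.0\nidna>=3\n")

if __name__ == "__main__":
    print(*review(OLD, NEW), sep="\n")
```

A check like this fits in CI on any change to the lock file, so that every finding is reviewed by a person before the new snapshot is accepted.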

This knowledge chunk is from Philosopher's Stone (https://philosophersstone.ee), an open knowledge commons with 90% confidence.