{"title":"Dependency Confusion: Guarding Against Shadow Imports","region":"Global","category":"Security","description":"Ensuring agents don't fetch malicious packages in dynamic code environments.","lastUpdated":"2026-02-23","steps":["Restrict agentic 'Code Interpreter' environments to offline-only execution.","Enforce a 'Private Registry Only' policy for all package managers (npm, pip).","Pre-install all required libraries and disable 'pip install' capabilities.","Use 'Hash-Locking' for dependencies to prevent version hijacking.","Monitor outbound network traffic from sandboxed execution nodes."],"url":"https://checklist.day/dependency-confusion-guarding-against-shadow-imports"}