Depscanner: Find orphaned packages before the bad guys do
ID: 5d9ee2f7-7f86-58e6-8b66-e54b9dd077ba
STIX ID: report--5d9ee2f7-7f86-58e6-8b66-e54b9dd077ba
Feed Name: SensePost Blog
This report presents Depscanner, a tool that scans GitHub projects for orphan dependencies: package names a project references that are not published on the public registry, which leaves them open to dependency-confusion supply-chain attacks. It recounts proof-of-concept activity in which the researcher registered missing npm and PyPI package names and embedded canary tokens to detect installs; describes mitigating factors discovered along the way (for example pnpm workspaces and monorepos, where the dependency resolves to a local package rather than to the external registry); and documents responsible disclosure and registry takedowns. It concludes that opportunities to hijack orphan libraries still exist but are increasingly mitigated by registries and defenders.
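As an added illustration of the orphan check the report describes (example code written for this page, not Depscanner's own code), the snippet below walks a package.json, ignores specifiers that never reach a registry (workspace:, file:, link:, git and URL sources), resolves npm: aliases to their real target, excludes names that belong to a pnpm workspace, and flags any remaining name the registry does not know. The package.json, the workspace package list and the registry contents are all constructed sample data; a real run would replace registry_has with a lookup against https://registry.npmjs.org/<name> and treat a 404 as "not published".

```python
import json
import re
from typing import Callable, Iterable, List, Optional

# All package.json fields that can pull a package from a registry.
DEP_FIELDS = ("dependencies", "devDependencies", "optionalDependencies", "peerDependencies")

# Specifier prefixes that resolve locally or from a URL, never from the registry.
LOCAL_PREFIXES = ("workspace:", "file:", "link:", "git+", "git:", "github:", "http:", "https:")

# Rough npm name syntax: optional @scope/ followed by a lowercase name.
NPM_NAME_RE = re.compile(r"^(?:@[a-z0-9~-][a-z0-9._~-]*/)?[a-z0-9~-][a-z0-9._~-]*$")


def registry_name(name: str, spec: str) -> Optional[str]:
    """Return the name that would be fetched from a registry for this
    dependency, or None when the specifier resolves locally."""
    if spec.startswith(LOCAL_PREFIXES):
        return None
    if spec.startswith("npm:"):
        # Alias: "lodash-fork": "npm:lodash@^4.17.21" -> the real target is lodash.
        target = spec[len("npm:"):]
        if target.startswith("@"):
            scope_and_rest = target[1:]
            if "@" in scope_and_rest:
                return "@" + scope_and_rest.rsplit("@", 1)[0]
            return target
        return target.rsplit("@", 1)[0] if "@" in target else target
    return name


def find_orphans(package_json: str,
                 workspace_packages: Iterable[str],
                 registry_has: Callable[[str], bool]) -> List[str]:
    """Names a project will try to install from the registry that the
    registry does not have: candidates for dependency confusion."""
    manifest = json.loads(package_json)
    workspace = set(workspace_packages)
    orphans = set()
    for field in DEP_FIELDS:
        for name, spec in manifest.get(field, {}).items():
            target = registry_name(name, str(spec))
            if target is None:
                continue  # workspace:/file:/link:/git/URL, never hits the registry
            if target in workspace:
                continue  # assumption from the report: workspace packages resolve locally
            if not NPM_NAME_RE.match(target):
                continue  # a name nobody could register is not a hijack target
            if not registry_has(target):
                orphans.add(target)
    return sorted(orphans)


# Constructed sample data (not from any real project).
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "@acme/web",
    "dependencies": {
        "express": "^4.18.2",
        "@acme/ui-kit": "workspace:*",
        "@acme/legacy-utils": "^1.2.0",
        "acme-telemetry": "1.0.0",
        "lodash-fork": "npm:lodash@^4.17.21",
        "local-thing": "file:../local-thing",
    },
    "devDependencies": {
        "jest": "^29.0.0",
        "@acme/build-tools": "^2.0.0",
    },
})
SAMPLE_WORKSPACE = ["@acme/ui-kit", "@acme/build-tools"]
SAMPLE_REGISTRY = {"express", "lodash", "jest"}  # stand-in for the public registry


def sample_registry_has(name: str) -> bool:
    return name in SAMPLE_REGISTRY


def demo() -> List[str]:
    return find_orphans(SAMPLE_PACKAGE_JSON, SAMPLE_WORKSPACE, sample_registry_has)


if __name__ == "__main__":
    for orphan in demo():
        print("orphan candidate:", orphan)
```

On the sample, @acme/ui-kit is skipped because of its workspace: specifier, @acme/build-tools because it is a workspace member even though its range looks like a registry range, lodash-fork because its alias target lodash exists, and local-thing because it is a file: path. The two names left, @acme/legacy-utils and acme-telemetry, are exactly the kind a researcher could register and watch with a canary token; the real mitigation is to publish a placeholder under your own scope or pin the resolution with a workspace: or file: specifier.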
