snync is a security tool designed to detect potential Dependency Confusion attack vectors in private open source package management environments. The tool addresses security risks that arise when organizations use private registries for proprietary packages without proper namespace reservation. When package names are not reserved on public registries, malicious actors can register packages with identical names, potentially causing package managers to download malicious code from public sources instead of intended private repositories. snync identifies two categories of potential compromises: - Vulnerable packages: Cases where a package name is used in a project but not registered on the public registry, creating an immediate attack vector - Suspicious packages: Potential security concerns that warrant further investigation The tool helps organizations identify gaps in their package management security posture by scanning for unreserved package names that could be exploited through dependency confusion attacks. This type of attack exploits misconfigurations and design flaws in package managers that may prioritize public registry packages over private ones under certain conditions.