# Dependency Hijaking

Package owners can use email with a custom domain name to register with various package managers such as `npm`, `pypi`, etc. If a domain name is expired, an attacker can register this domain name and gain access to an account through password recovery.

{% embed url="<https://thehackerblog.com/zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/>" %}