I am testing for dependency confusion vulnerabilities in products that are in public bug bounty programs. This code is reporting-only, and does not do anything malicious.