Is this package real, or did an AI hallucinate it?
AI coding assistants invent package names that do not exist. Attackers pre-register those invented names and wait for someone to run the suggested install command. It has a name now: slopsquatting. Paste your dependencies below and check them - entirely in your browser, nothing uploaded.
huggingface-cli proof-of-concept after a researcher registered that hallucinated name. Numbers reflect published academic studies on package hallucination in AI-generated code and the publicly documented huggingface-cli demonstration. This page does not invent a precise citation; treat the figures as orders of magnitude, not exact measurements.
Malicious
Exact match to a publicly documented compromised or malicious release (event-stream, ua-parser-js, node-ipc, colors, ctx, the xz / liblzma scare, @solana/web3.js, and more). If you see this, stop and verify your lockfile now.
Hallucinated
Exact match to a curated list of names AI assistants are known to invent, headed by the huggingface-cli proof-of-concept. These are exactly the names an attacker would slopsquat.
Typosquat
One or two edits away from a popular package name (Damerau-Levenshtein distance of 1 or 2), or a single scope or separator confusion. The classic shape of expresss, reqests, lodahs.
Suspicious
A popular name with a tacked-on suffix like -js, -cli, or -py that is not itself a known package. A common pattern for riding a real package's reputation.
The full, offline tool
This web tool is a quick taste. The CLI is the complete check.
vulkro slopcheck runs the same idea against the full offline corpus, parses your real manifests across npm, PyPI, Go, Cargo, and Maven, and reports with exit codes you can gate CI on. Like the rest of Vulkro it runs entirely on your machine - no source upload, no telemetry, no account.
then run vulkro slopcheck in your project
Questions
What is slopsquatting?
Slopsquatting is a supply-chain attack that targets AI coding assistants. Large language models invent (hallucinate) package names that sound right but do not exist. An attacker registers one of those invented names with a malicious payload; when a developer copies the AI-suggested install command, they pull the attacker's package. The term distinguishes it from typosquatting, which targets human typos rather than machine hallucinations.
How do I check if an npm or PyPI package is real?
Paste the name into the checker above. It flags documented malicious releases, known AI-hallucinated names, close typosquats of popular packages, and suspicious suffix patterns - all locally. Beyond a quick screen, the real answer is to scan your actual manifests: vulkro slopcheck does this offline across five ecosystems.
Is any of this uploaded?
No. The checker on this page is built from an embedded dataset and pure JavaScript that runs in your browser. There is no API call, no analytics event, and nothing you paste leaves the page. That is the same principle the Vulkro CLI is built on: your code stays on your machine.
How big is the embedded dataset?
The web tool ships 288 well-known npm names and 230 PyPI names, plus curated known-malicious and known-hallucinated seed lists. It is deliberately a small, fast screen, not the full registry. The CLI ships the complete offline corpus and a manifest-aware parser, so use this page for a quick look and vulkro slopcheck for the real audit.