Slopsquatting candidates — names attackers will target next
Package names that multiple LLMs repeatedly hallucinate are exact targeting information for attackers: "register this and someone will install it". We see those names before attackers do.
How we detect
We regularly run a matrix of hundreds of programming prompts through major LLMs (Claude, GPT, Gemini, Llama) and harvest the package names they recommend. Cross-model agreement raises the target score. The registry status is checked live against npm/PyPI/crates.io for (1) non-existence, (2) recent registration with suspicious patterns, and (3) empty wrappers around famous names.
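The three registry checks and the cross-model agreement count can be applied to LLM-suggested names before anything is installed. The sketch below is an added example, not this service's code. It runs against a constructed offline snapshot instead of a live registry, and the `REGISTRY` fields, the `WELL_KNOWN` list, the 90-day threshold and the install-hook pattern are all assumptions.

```python
import re
from datetime import date

# Constructed snapshot of a PyPI-style index; every name and value is made up.
REGISTRY = {
    "acme-http":      {"created": date(2015, 3, 1),  "source_files": 42, "deps": [], "install_hook": False},
    "acme-http-easy": {"created": date(2021, 6, 9),  "source_files": 0,  "deps": ["acme-http"], "install_hook": False},
    "acme-csv-fast":  {"created": date(2025, 1, 20), "source_files": 3,  "deps": [], "install_hook": True},
}
WELL_KNOWN = {"acme-http"}   # stand-in for a list of famous packages
RECENT_DAYS = 90             # assumed threshold, not a value from the page

def normalize(name):
    """PEP 503 normalisation: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name.strip()).lower()

def registry_status(name, today):
    """Return the reason a name is flagged, or None if it looks established."""
    meta = REGISTRY.get(name)
    if meta is None:
        return "unregistered"          # check 1: the name does not exist
    age = (today - meta["created"]).days
    if age <= RECENT_DAYS and meta["install_hook"]:
        return "recent-suspicious"     # check 2 (assumed pattern: install hook)
    if meta["source_files"] == 0 and WELL_KNOWN & set(meta["deps"]):
        return "empty-wrapper"         # check 3: no own code, depends on a famous package
    return None

def bulk_check(suggestions, today):
    """suggestions: {model: pasted text, one package name per line}.
    Returns (name, reason, models_agreeing) tuples, most agreed-upon first."""
    seen = {}
    for model, text in suggestions.items():
        for line in text.splitlines():
            if line.strip():
                seen.setdefault(normalize(line), set()).add(model)
    flagged = []
    for name, models in seen.items():
        reason = registry_status(name, today)
        if reason:
            flagged.append((name, reason, len(models)))
    return sorted(flagged, key=lambda f: (-f[2], f[0]))

SAMPLE = {  # constructed model outputs, one name per line
    "model-a": "acme-http\nAcme_CSV\nacme-http-easy\n",
    "model-b": "acme.csv\nacme-csv-fast\n\nacme-http\n",
    "model-c": "acme-csv\n",
}
print(bulk_check(SAMPLE, today=date(2025, 2, 1)))
```

Normalising before the lookup matters: `Acme_CSV`, `acme.csv` and `acme-csv` resolve to the same project on a PEP 503 index, so they count as one name that three models agreed on.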
Bulk package check
Paste package names suggested by an LLM, one per line. Flagged candidates appear below.
| id | purl | risk | summary |
|---|---|---|---|
| VDB-SLOP-npm-d0e0fb5583 | pkg:npm/phoenix.js | high | Slopsquatting candidate: phoenix.js (npm) |
| VDB-SLOP-npm-ca1a4a504d | pkg:npm/Rambda | high | Slopsquatting candidate: Rambda (npm) |
| VDB-SLOP-npm-00d2cadf13 | pkg:npm/deep-clone-webpack-plugin | high | Slopsquatting candidate: deep-clone-webpack-plugin (npm) |
| VDB-SLOP-npm-ae9a6aa915 | pkg:npm/cronparser | high | Slopsquatting candidate: cronparser (npm) |
| VDB-SLOP-npm-98b66a3a71 | pkg:npm/cron-collision | high | Slopsquatting candidate: cron-collision (npm) |
| VDB-SLOP-npm-569243c633 | pkg:npm/cron-expresso | high | Slopsquatting candidate: cron-expresso (npm) |
| VDB-SLOP-npm-e6e0f0d6af | pkg:npm/ts-nexus | high | Slopsquatting candidate: ts-nexus (npm) |
| VDB-SLOP-pypi-e4149eab27 | pkg:pypi/tartiflette-graphql | high | Slopsquatting candidate: tartiflette-graphql (PyPI) |
| VDB-SLOP-pypi-071d61762a | pkg:pypi/rapidcsv | high | Slopsquatting candidate: rapidcsv (PyPI) |
| VDB-SLOP-pypi-67536728c6 | pkg:pypi/ics.py | high | Slopsquatting candidate: ics.py (PyPI) |
| VDB-SLOP-pypi-2aaf32f9e6 | pkg:pypi/icalparser | high | Slopsquatting candidate: icalparser (PyPI) |
| VDB-SLOP-pypi-3200c6728a | pkg:pypi/cyclonedx-pythonlib | high | Slopsquatting candidate: cyclonedx-pythonlib (PyPI) |
| VDB-SLOP-pypi-998912b914 | pkg:pypi/cyclonedx2json | high | Slopsquatting candidate: cyclonedx2json (PyPI) |
| VDB-SLOP-pypi-f0fec3a01d | pkg:pypi/sbom-parser | high | Slopsquatting candidate: sbom-parser (PyPI) |
| VDB-SLOP-pypi-0e384d6fc1 | pkg:pypi/cyclonedx-cli | high | Slopsquatting candidate: cyclonedx-cli (PyPI) |
| VDB-SLOP-pypi-39ea305eaf | pkg:pypi/opentelemetry-logger | high | Slopsquatting candidate: opentelemetry-logger (PyPI) |
| VDB-SLOP-cratesio-f56bb810b0 | pkg:cargo/cyclonedx-parse | high | Slopsquatting candidate: cyclonedx-parse (crates.io) |
| VDB-SLOP-go-5cb76c9323 | pkg:golang/github.com/rbretecher/openapi-parser | high | Slopsquatting candidate: github.com/rbretecher/openapi-parser (Go) |
| VDB-SLOP-pypi-35ce3ab5e4 | pkg:pypi/urllib | high | Slopsquatting candidate: urllib (PyPI) |
| VDB-SLOP-pypi-4ef5a6518c | pkg:pypi/urlcanonicalizer | high | Slopsquatting candidate: urlcanonicalizer (PyPI) |
| VDB-SLOP-npm-509c848aa7 | pkg:npm/robust- | high | Slopsquatting candidate: robust- (npm) |
| VDB-SLOP-npm-66cbe3d329 | pkg:npm/structuredClone | high | Slopsquatting candidate: structuredClone (npm) |
| VDB-SLOP-npm-3496e2da1f | pkg:npm/5. | high | Slopsquatting candidate: 5. (npm) |
| VDB-SLOP-npm-155e988205 | pkg:npm/Realtime | high | Slopsquatting candidate: Realtime (npm) |
| VDB-SLOP-npm-b010ef97d3 | pkg:npm/cron-collision-checker | high | Slopsquatting candidate: cron-collision-checker (npm) |
| VDB-SLOP-npm-979efcb83c | pkg:npm/@anthropic/mcp-sdk | high | Slopsquatting candidate: @anthropic/mcp-sdk (npm) |
| VDB-SLOP-pypi-95ec2db3cd | pkg:pypi/pyyaml-env | high | Slopsquatting candidate: pyyaml-env (PyPI) |
| VDB-SLOP-pypi-cdca655476 | pkg:pypi/rueml | high | Slopsquatting candidate: rueml (PyPI) |
| VDB-SLOP-pypi-85c2b98684 | pkg:pypi/learning-based | high | Slopsquatting candidate: learning-based (PyPI) |
| VDB-SLOP-pypi-ad19dcdb10 | pkg:pypi/dateutil | high | Slopsquatting candidate: dateutil (PyPI) |
| VDB-SLOP-pypi-faa1dbe8ed | pkg:pypi/icalendar-parser | high | Slopsquatting candidate: icalendar-parser (PyPI) |
| VDB-SLOP-pypi-c1165e50ca | pkg:pypi/pyics | high | Slopsquatting candidate: pyics (PyPI) |
| VDB-SLOP-pypi-40ff05d49c | pkg:pypi/ical_feats | high | Slopsquatting candidate: ical_feats (PyPI) |
| VDB-SLOP-pypi-6f6646f5e6 | pkg:pypi/name | high | Slopsquatting candidate: name (PyPI) |
| VDB-SLOP-pypi-a9a51f4eb1 | pkg:pypi/official | high | Slopsquatting candidate: official (PyPI) |
| VDB-SLOP-pypi-ac083c1346 | pkg:pypi/packageurl | high | Slopsquatting candidate: packageurl (PyPI) |
| VDB-SLOP-pypi-ef1bd20dd8 | pkg:pypi/cyclonedx-python-golang | high | Slopsquatting candidate: cyclonedx-python-golang (PyPI) |
| VDB-SLOP-pypi-3474b5d2ac | pkg:pypi/cyclonedx-cfactory | high | Slopsquatting candidate: cyclonedx-cfactory (PyPI) |
| VDB-SLOP-pypi-b609b2d7c2 | pkg:pypi/cyclonedx-jsonschema | high | Slopsquatting candidate: cyclonedx-jsonschema (PyPI) |
| VDB-SLOP-pypi-1bd1d27e8e | pkg:pypi/cyclonedx-python-rcf | high | Slopsquatting candidate: cyclonedx-python-rcf (PyPI) |
| VDB-SLOP-pypi-61e6ced377 | pkg:pypi/cyclonedx-validator | high | Slopsquatting candidate: cyclonedx-validator (PyPI) |
| VDB-SLOP-pypi-5ce6592120 | pkg:pypi/sbom-checker | high | Slopsquatting candidate: sbom-checker (PyPI) |
| VDB-SLOP-cratesio-4e5e231770 | pkg:cargo/cyclonedx-rs | high | Slopsquatting candidate: cyclonedx-rs (crates.io) |
| VDB-SLOP-cratesio-e01b63e7ca | pkg:cargo/sbom-parser | high | Slopsquatting candidate: sbom-parser (crates.io) |
| VDB-SLOP-cratesio-f39e8af0f6 | pkg:cargo/cyclonedx-derive | high | Slopsquatting candidate: cyclonedx-derive (crates.io) |
| VDB-SLOP-cratesio-61e443d04e | pkg:cargo/cyclonedx | high | Slopsquatting candidate: cyclonedx (crates.io) |
| VDB-SLOP-npm-735860febd | pkg:npm/safer-sql-parser | high | Slopsquatting candidate: safer-sql-parser (npm) |
| VDB-SLOP-npm-09b67c43d0 | pkg:npm/sql-sanitize | high | Slopsquatting candidate: sql-sanitize (npm) |
| VDB-SLOP-npm-11f249b4f4 | pkg:npm/sql-escape-strings | high | Slopsquatting candidate: sql-escape-strings (npm) |
| VDB-SLOP-pypi-eab1a577e5 | pkg:pypi/vigil-llm | high | Slopsquatting candidate: vigil-llm (PyPI) |
| VDB-SLOP-pypi-6170c4db82 | pkg:pypi/purl-js | high | Slopsquatting candidate: purl-js (PyPI) |
| VDB-SLOP-pypi-a217848a85 | pkg:pypi/purl-parse | high | Slopsquatting candidate: purl-parse (PyPI) |