Slopsquatting candidates — names attackers will target next
Package names multiple LLMs repeatedly hallucinate are exact targeting information for attackers — "register this and someone will install it". We see those names before attackers do.
How we detect
We regularly run a matrix of hundreds of programming prompts through major LLMs (Claude, GPT, Gemini, Llama) and harvest the package names they recommend. Cross-model agreement raises the target score. The registry status is checked live against npm/PyPI/crates.io for (1) non-existence, (2) recent registration with suspicious patterns, and (3) empty wrappers around famous names.
Bulk package check
Paste package names suggested by an LLM, one per line. Flagged candidates appear below.
| id | purl | risk | summary |
|---|---|---|---|
| VDB-SLOP-npm-d0e0fb5583 | pkg:npm/phoenix.js | high | Slopsquatting candidate: phoenix.js (npm) |
| VDB-SLOP-npm-298d52cfd4 | pkg:npm/nxtjwt | high | Slopsquatting candidate: nxtjwt (npm) |
| VDB-SLOP-npm-00d2cadf13 | pkg:npm/deep-clone-webpack-plugin | high | Slopsquatting candidate: deep-clone-webpack-plugin (npm) |
| VDB-SLOP-npm-ae9a6aa915 | pkg:npm/cronparser | high | Slopsquatting candidate: cronparser (npm) |
| VDB-SLOP-npm-73ff7581f7 | pkg:npm/@pusher/pusher-js | high | Slopsquatting candidate: @pusher/pusher-js (npm) |
| VDB-SLOP-npm-569243c633 | pkg:npm/cron-expresso | high | Slopsquatting candidate: cron-expresso (npm) |
| VDB-SLOP-npm-a8b8dbbca9 | pkg:npm/jsonwebtoken-promise | high | Slopsquatting candidate: jsonwebtoken-promise (npm) |
| VDB-SLOP-npm-e6e0f0d6af | pkg:npm/ts-nexus | high | Slopsquatting candidate: ts-nexus (npm) |
| VDB-SLOP-npm-56c9ea855f | pkg:npm/fast-jsonwebtoken | high | Slopsquatting candidate: fast-jsonwebtoken (npm) |
| VDB-SLOP-npm-6a26244e4a | pkg:npm/@auth0/jwt-decode | high | Slopsquatting candidate: @auth0/jwt-decode (npm) |
| VDB-SLOP-pypi-e4149eab27 | pkg:pypi/tartiflette-graphql | high | Slopsquatting candidate: tartiflette-graphql (PyPI) |
| VDB-SLOP-pypi-1b230b46b9 | pkg:pypi/icalparsed | high | Slopsquatting candidate: icalparsed (PyPI) |
| VDB-SLOP-npm-f06134747e | pkg:npm/@auth0/node-jsonwebtoken | high | Slopsquatting candidate: @auth0/node-jsonwebtoken (npm) |
| VDB-SLOP-npm-d8259adfe9 | pkg:npm/json-deep-clone | high | Slopsquatting candidate: json-deep-clone (npm) |
| VDB-SLOP-pypi-cbef7e55a5 | pkg:pypi/cyclonedx-java | high | Slopsquatting candidate: cyclonedx-java (PyPI) |
| VDB-SLOP-pypi-3200c6728a | pkg:pypi/cyclonedx-pythonlib | high | Slopsquatting candidate: cyclonedx-pythonlib (PyPI) |
| VDB-SLOP-pypi-f9a1b1b579 | pkg:pypi/cyclonedx-python-github | high | Slopsquatting candidate: cyclonedx-python-github (PyPI) |
| VDB-SLOP-npm-580daa2559 | pkg:npm/momend | high | Slopsquatting candidate: momend (npm) |
| VDB-SLOP-npm-ce17f68b13 | pkg:npm/jsonwebtoken-3 | high | Slopsquatting candidate: jsonwebtoken-3 (npm) |
| VDB-SLOP-pypi-39ea305eaf | pkg:pypi/opentelemetry-logger | high | Slopsquatting candidate: opentelemetry-logger (PyPI) |
| VDB-SLOP-npm-79cdc20ed7 | pkg:npm/clone-dedeep | high | Slopsquatting candidate: clone-dedeep (npm) |
| VDB-SLOP-npm-42a6edd9ae | pkg:npm/rsa-jwt | high | Slopsquatting candidate: rsa-jwt (npm) |
| VDB-SLOP-npm-b8706ad3c0 | pkg:npm/Bitfinex-api-node | high | Slopsquatting candidate: Bitfinex-api-node (npm) |
| VDB-SLOP-go-5cb76c9323 | pkg:golang/github.com/rbretecher/openapi-parser | high | Slopsquatting candidate: github.com/rbretecher/openapi-parser (Go) |
| VDB-SLOP-pypi-739dc89011 | pkg:pypi/cyclonedx-python-parser | high | Slopsquatting candidate: cyclonedx-python-parser (PyPI) |
| VDB-SLOP-npm-509c848aa7 | pkg:npm/robust- | high | Slopsquatting candidate: robust- (npm) |
| VDB-SLOP-npm-3496e2da1f | pkg:npm/5. | high | Slopsquatting candidate: 5. (npm) |
| VDB-SLOP-npm-155e988205 | pkg:npm/Realtime | high | Slopsquatting candidate: Realtime (npm) |
| VDB-SLOP-npm-4fdc977857 | pkg:npm/Native-WebSocket | high | Slopsquatting candidate: Native-WebSocket (npm) |
| VDB-SLOP-npm-d3f3113357 | pkg:npm/JWT-simple | high | Slopsquatting candidate: JWT-simple (npm) |
| VDB-SLOP-npm-c646055ee9 | pkg:npm/plugin-sql | high | Slopsquatting candidate: plugin-sql (npm) |
| VDB-SLOP-pypi-1905e70acc | pkg:pypi/text-generation-webui | high | Slopsquatting candidate: text-generation-webui (PyPI) |
| VDB-SLOP-npm-1d2791c744 | pkg:npm/big-ical | high | Slopsquatting candidate: big-ical (npm) |
| VDB-SLOP-npm-f3f3ac6e8f | pkg:npm/event-source- | high | Slopsquatting candidate: event-source- (npm) |
| VDB-SLOP-pypi-faa1dbe8ed | pkg:pypi/icalendar-parser | high | Slopsquatting candidate: icalendar-parser (PyPI) |
| VDB-SLOP-pypi-34b58ec908 | pkg:pypi/safe_yaml | high | Slopsquatting candidate: safe_yaml (PyPI) |
| VDB-SLOP-pypi-40ff05d49c | pkg:pypi/ical_feats | high | Slopsquatting candidate: ical_feats (PyPI) |
| VDB-SLOP-pypi-a9a51f4eb1 | pkg:pypi/official | high | Slopsquatting candidate: official (PyPI) |
| VDB-SLOP-pypi-bed775e188 | pkg:pypi/pyahocoras | high | Slopsquatting candidate: pyahocoras (PyPI) |
| VDB-SLOP-pypi-ef1bd20dd8 | pkg:pypi/cyclonedx-python-golang | high | Slopsquatting candidate: cyclonedx-python-golang (PyPI) |
| VDB-SLOP-pypi-3474b5d2ac | pkg:pypi/cyclonedx-cfactory | high | Slopsquatting candidate: cyclonedx-cfactory (PyPI) |
| VDB-SLOP-npm-4236656172 | pkg:npm/lodash.deepcopy | high | Slopsquatting candidate: lodash.deepcopy (npm) |
| VDB-SLOP-pypi-1bd1d27e8e | pkg:pypi/cyclonedx-python-rcf | high | Slopsquatting candidate: cyclonedx-python-rcf (PyPI) |
| VDB-SLOP-pypi-61e6ced377 | pkg:pypi/cyclonedx-validator | high | Slopsquatting candidate: cyclonedx-validator (PyPI) |
| VDB-SLOP-pypi-5ce6592120 | pkg:pypi/sbom-checker | high | Slopsquatting candidate: sbom-checker (PyPI) |
| VDB-SLOP-pypi-fa3d6d14af | pkg:pypi/cyclonedx-python-output | high | Slopsquatting candidate: cyclonedx-python-output (PyPI) |
| VDB-SLOP-npm-a169d41c13 | pkg:npm/websocket- | high | Slopsquatting candidate: websocket- (npm) |
| VDB-SLOP-npm-90ed39b31a | pkg:npm/RPC-websockets | high | Slopsquatting candidate: RPC-websockets (npm) |
| VDB-SLOP-npm-be85b208f3 | pkg:npm/kaTeX | high | Slopsquatting candidate: kaTeX (npm) |
| VDB-SLOP-npm-11f249b4f4 | pkg:npm/sql-escape-strings | high | Slopsquatting candidate: sql-escape-strings (npm) |
| VDB-SLOP-pypi-eab1a577e5 | pkg:pypi/vigil-llm | high | Slopsquatting candidate: vigil-llm (PyPI) |
| VDB-SLOP-pypi-6170c4db82 | pkg:pypi/purl-js | high | Slopsquatting candidate: purl-js (PyPI) |
| VDB-SLOP-pypi-adfd374a79 | pkg:pypi/boomerang-cyclonedx | high | Slopsquatting candidate: boomerang-cyclonedx (PyPI) |
| VDB-SLOP-npm-76aef3870a | pkg:npm/p- | high | Slopsquatting candidate: p- (npm) |
| VDB-SLOP-npm-ea0261ae18 | pkg:npm/Request-promise | high | Slopsquatting candidate: Request-promise (npm) |
| VDB-SLOP-npm-9ce5527b8b | pkg:npm/cron-syntax-parser | high | Slopsquatting candidate: cron-syntax-parser (npm) |
| VDB-SLOP-pypi-265173aa21 | pkg:pypi/cyclonedx-python3 | high | Slopsquatting candidate: cyclonedx-python3 (PyPI) |
| VDB-SLOP-pypi-41ef6e5c92 | pkg:pypi/cycledx-sbom-parser | high | Slopsquatting candidate: cycledx-sbom-parser (PyPI) |
| VDB-SLOP-pypi-2b76728dc3 | pkg:pypi/trio-http | high | Slopsquatting candidate: trio-http (PyPI) |
| VDB-SLOP-pypi-a7a587ab1a | pkg:pypi/python-front | high | Slopsquatting candidate: python-front (PyPI) |
| VDB-SLOP-pypi-c0717903e8 | pkg:pypi/yamlfriendly | high | Slopsquatting candidate: yamlfriendly (PyPI) |
| VDB-SLOP-pypi-d494ebfb70 | pkg:pypi/parseics | high | Slopsquatting candidate: parseics (PyPI) |
| VDB-SLOP-pypi-b23662e3b8 | pkg:pypi/cyclonedx-gen-python | high | Slopsquatting candidate: cyclonedx-gen-python (PyPI) |
| VDB-SLOP-pypi-054e09b7f0 | pkg:pypi/cyclonedx-xml-python | high | Slopsquatting candidate: cyclonedx-xml-python (PyPI) |
| VDB-SLOP-npm-16cc0af152 | pkg:npm/sql-injection-protection | high | Slopsquatting candidate: sql-injection-protection (npm) |
| VDB-SLOP-npm-bc1da1135d | pkg:npm/pgweb | high | Slopsquatting candidate: pgweb (npm) |
| VDB-SLOP-npm-9a129d2bd4 | pkg:npm/schedule-collision-detector | high | Slopsquatting candidate: schedule-collision-detector (npm) |
| VDB-SLOP-npm-931bfb7a69 | pkg:npm/Socket.IO | high | Slopsquatting candidate: Socket.IO (npm) |
| VDB-SLOP-npm-27c66cf52c | pkg:npm/crypto- | high | Slopsquatting candidate: crypto- (npm) |
| VDB-SLOP-npm-c8cf155147 | pkg:npm/objection.js | high | Slopsquatting candidate: objection.js (npm) |
| VDB-SLOP-cratesio-2ec867942c | pkg:cargo/cyclonedx-rc | high | Slopsquatting candidate: cyclonedx-rc (crates.io) |
| VDB-SLOP-pypi-5e1762b023 | pkg:pypi/rueml_parser | high | Slopsquatting candidate: rueml_parser (PyPI) |
| VDB-SLOP-npm-9731113f6a | pkg:npm/simple-ical-parser | high | Slopsquatting candidate: simple-ical-parser (npm) |
| VDB-SLOP-npm-acc745887a | pkg:npm/cronutils | high | Slopsquatting candidate: cronutils (npm) |
| VDB-SLOP-pypi-90c166e455 | pkg:pypi/cyclonedx-golang-lib | high | Slopsquatting candidate: cyclonedx-golang-lib (PyPI) |
| VDB-SLOP-npm-740fa9d8a4 | pkg:npm/schedule-utils | high | Slopsquatting candidate: schedule-utils (npm) |
| VDB-SLOP-npm-2d05a508fc | pkg:npm/schedule-validator | high | Slopsquatting candidate: schedule-validator (npm) |
| VDB-SLOP-npm-c336b5b658 | pkg:npm/@anthropic/mcp | high | Slopsquatting candidate: @anthropic/mcp (npm) |
| VDB-SLOP-npm-6bb35397ef | pkg:npm/uzwebsocket | high | Slopsquatting candidate: uzwebsocket (npm) |
| VDB-SLOP-npm-a994ede4db | pkg:npm/ics-to | high | Slopsquatting candidate: ics-to (npm) |
| VDB-SLOP-pypi-bc11e52288 | pkg:pypi/yamlkid | high | Slopsquatting candidate: yamlkid (PyPI) |
| VDB-SLOP-pypi-18635a38de | pkg:pypi/googlepurl | high | Slopsquatting candidate: googlepurl (PyPI) |
| VDB-SLOP-pypi-0e6df8fb09 | pkg:pypi/yamldom | high | Slopsquatting candidate: yamldom (PyPI) |
| VDB-SLOP-pypi-a85d69fda5 | pkg:pypi/icalalchemy | high | Slopsquatting candidate: icalalchemy (PyPI) |
| VDB-SLOP-npm-4b7a7a8daf | pkg:npm/sql-walker | high | Slopsquatting candidate: sql-walker (npm) |
| VDB-SLOP-npm-230b9efa0b | pkg:npm/cron-schedule-generator | high | Slopsquatting candidate: cron-schedule-generator (npm) |
| VDB-SLOP-pypi-3bfd03b7f3 | pkg:pypi/libyaml | high | Slopsquatting candidate: libyaml (PyPI) |
| VDB-SLOP-npm-581c63371b | pkg:npm/knknex | high | Slopsquatting candidate: knknex (npm) |
| VDB-SLOP-npm-37bec13fcb | pkg:npm/iCalendar | high | Slopsquatting candidate: iCalendar (npm) |
| VDB-SLOP-npm-859ea31302 | pkg:npm/@auth0/node-jwt-authentication | high | Slopsquatting candidate: @auth0/node-jwt-authentication (npm) |
| VDB-SLOP-npm-8b2785e971 | pkg:npm/Reconnecting-websocket | high | Slopsquatting candidate: Reconnecting-websocket (npm) |
| VDB-SLOP-cratesio-0f87e42d6c | pkg:cargo/cyclonedx-lib | high | Slopsquatting candidate: cyclonedx-lib (crates.io) |
| VDB-SLOP-go-5d6525490a | pkg:golang/github.com/swaggest/openapi3-go | high | Slopsquatting candidate: github.com/swaggest/openapi3-go (Go) |
| VDB-SLOP-pypi-3fea97e503 | pkg:pypi/opentelemetry-context | high | Slopsquatting candidate: opentelemetry-context (PyPI) |
| VDB-SLOP-pypi-97c6afb025 | pkg:pypi/purl-generator | high | Slopsquatting candidate: purl-generator (PyPI) |
| VDB-SLOP-pypi-a821a483a6 | pkg:pypi/waste_yaml | high | Slopsquatting candidate: waste_yaml (PyPI) |
| VDB-SLOP-pypi-9026beb49e | pkg:pypi/django-purl | high | Slopsquatting candidate: django-purl (PyPI) |
| VDB-SLOP-pypi-49b6a35df2 | pkg:pypi/cyclonedx-model-python | high | Slopsquatting candidate: cyclonedx-model-python (PyPI) |
| VDB-SLOP-cratesio-340eec9fdc | pkg:cargo/sbom-validator | high | Slopsquatting candidate: sbom-validator (crates.io) |
| VDB-SLOP-pypi-255b9202b9 | pkg:pypi/cyclonedx-python-retrofit | high | Slopsquatting candidate: cyclonedx-python-retrofit (PyPI) |