VDB
KO

Slopsquatting candidates — names attackers will target next

Package names multiple LLMs repeatedly hallucinate are exact targeting information for attackers — "register this and someone will install it". We see those names before attackers do.

How we detect

We regularly run a matrix of hundreds of programming prompts through major LLMs (Claude, GPT, Gemini, Llama) and harvest the package names they recommend. Cross-model agreement raises the target score. The registry status is checked live against npm/PyPI/crates.io for (1) non-existence, (2) recent registration with suspicious patterns, and (3) empty wrappers around famous names.

Bulk package check

Paste package names suggested by an LLM, one per line. Flagged candidates appear below.

all npm PyPI Go crates.io Maven
id purl risk summary
VDB-SLOP-go-5cb76c9323 pkg:golang/github.com/rbretecher/openapi-parser high Slopsquatting candidate: github.com/rbretecher/openapi-parser (Go)
VDB-SLOP-go-5d6525490a pkg:golang/github.com/swaggest/openapi3-go high Slopsquatting candidate: github.com/swaggest/openapi3-go (Go)
VDB-SLOP-go-152855927a pkg:golang/github.com/chrusty/openapi-parser high Slopsquatting candidate: github.com/chrusty/openapi-parser (Go)
VDB-SLOP-go-04ebe0c4c1 pkg:golang/github.com/tidwall/jo high Slopsquatting candidate: github.com/tidwall/jo (Go)
VDB-SLOP-go-d23c6f1fc7 pkg:golang/github.com/tidwall/jstream high Slopsquatting candidate: github.com/tidwall/jstream (Go)
VDB-SLOP-go-274a122052 pkg:golang/github.com/mailru/easy high Slopsquatting candidate: github.com/mailru/easy (Go)
VDB-SLOP-go-389963372f pkg:golang/github.com/golang-cdk/openapi3 high Slopsquatting candidate: github.com/golang-cdk/openapi3 (Go)
VDB-SLOP-go-d0513eddd6 pkg:golang/github.com/issue9/jsonpointer high Slopsquatting candidate: github.com/issue9/jsonpointer (Go)
VDB-SLOP-go-8dc1379cf3 pkg:golang/github.com/json-iterator/go-json high Slopsquatting candidate: github.com/json-iterator/go-json (Go)
VDB-SLOP-go-8911a9cf0a pkg:golang/github.com/swagger-api/swagger-go-codegen high Slopsquatting candidate: github.com/swagger-api/swagger-go-codegen (Go)
VDB-SLOP-go-3ab49344e4 pkg:golang/github.com/kraken-io/openapi2jsonschema high Slopsquatting candidate: github.com/kraken-io/openapi2jsonschema (Go)
VDB-SLOP-go-6a52b815c5 pkg:golang/github.com/wagoodman/go-openapi-parser high Slopsquatting candidate: github.com/wagoodman/go-openapi-parser (Go)
VDB-SLOP-go-b4bcaec82d pkg:golang/github.com/tidwall/streamjson high Slopsquatting candidate: github.com/tidwall/streamjson (Go)
VDB-SLOP-go-1f4d5bf7b9 pkg:golang/github.com/go-json-iterator/json-iterator high Slopsquatting candidate: github.com/go-json-iterator/json-iterator (Go)
VDB-SLOP-go-021536c60f pkg:golang/github.com/goccy/go- high Slopsquatting candidate: github.com/goccy/go- (Go)
VDB-SLOP-go-beecf38642 pkg:golang/github.com/josharian/jsonq high Slopsquatting candidate: github.com/josharian/jsonq (Go)
VDB-SLOP-go-a3fa771ea7 pkg:golang/github.com/swagger-api/swagger-go high Slopsquatting candidate: github.com/swagger-api/swagger-go (Go)
VDB-SLOP-go-e5b366b406 pkg:golang/github.com/bytehouse-labs/openapi-generator high Slopsquatting candidate: github.com/bytehouse-labs/openapi-generator (Go)
VDB-SLOP-go-fc9cbef618 pkg:golang/github.com/pomerium/sentinel high Slopsquatting candidate: github.com/pomerium/sentinel (Go)
VDB-SLOP-go-fc1b466708 pkg:golang/github.com/valyala/quickjson high Slopsquatting candidate: github.com/valyala/quickjson (Go)
VDB-SLOP-go-c209ab5165 pkg:golang/github.com/virtuald/fastjson high Slopsquatting candidate: github.com/virtuald/fastjson (Go)
VDB-SLOP-go-8f7f793010 pkg:golang/github.com/tidwall/prettyjson high Slopsquatting candidate: github.com/tidwall/prettyjson (Go)
VDB-SLOP-go-0d344a6572 pkg:golang/github.com/pquerna/helmet high Slopsquatting candidate: github.com/pquerna/helmet (Go)
VDB-SLOP-go-92a6913ffe pkg:golang/github.com/munenori/stream-json high Slopsquatting candidate: github.com/munenori/stream-json (Go)
VDB-SLOP-go-1d4a23dbd1 pkg:golang/github.com/valyala/fast high Slopsquatting candidate: github.com/valyala/fast (Go)
VDB-SLOP-go-f6ececba10 pkg:golang/github.com/tidwall/sgjson high Slopsquatting candidate: github.com/tidwall/sgjson (Go)
VDB-SLOP-go-0dec2763b4 pkg:golang/github.com/buger/json high Slopsquatting candidate: github.com/buger/json (Go)
VDB-SLOP-go-28eac1909b pkg:golang/github.com/swagger-api/swagger-go-client high Slopsquatting candidate: github.com/swagger-api/swagger-go-client (Go)
VDB-SLOP-go-f52e716287 pkg:golang/github.com/oas-kit/oas-addon high Slopsquatting candidate: github.com/oas-kit/oas-addon (Go)
VDB-SLOP-go-1d5bd67e4a pkg:golang/github.com/tidwall/ezjson high Slopsquatting candidate: github.com/tidwall/ezjson (Go)
VDB-SLOP-go-6141072437 pkg:golang/github.com/openapi-contrib/go-openapi-jsonschema high Slopsquatting candidate: github.com/openapi-contrib/go-openapi-jsonschema (Go)
VDB-SLOP-go-b3063fb1cf pkg:golang/github.com/segmentio/json-iterator high Slopsquatting candidate: github.com/segmentio/json-iterator (Go)