Slopsquatting candidates — names attackers will target next
Package names that multiple LLMs repeatedly hallucinate are exact targeting information for attackers: register the name and someone will install it. We see those names before attackers do.
How we detect
We regularly run a matrix of hundreds of programming prompts through major LLMs (Claude, GPT, Gemini, Llama) and harvest the package names they recommend. Agreement across models raises a name's target score. Each name's registry status is then checked live against npm, PyPI and crates.io for (1) non-existence, (2) recent registration with suspicious patterns, and (3) empty wrappers around famous names.
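To make the scoring concrete, here is an added Python sketch (not the service's own code) of the pipeline described above: one vote per model per package name, then a registry classification into the three conditions listed. The model labels, package names, registry snapshot and scan date are all constructed, and the risk thresholds are assumptions.

```python
from collections import Counter
from datetime import date

# Constructed sample: names each model recommended for the same prompt matrix
# (hypothetical model labels and package names, not data from the page).
MODEL_SUGGESTIONS = {
    "model-a": ["requests", "fastjsonparse", "openapi-parser-lite", "jsonkit"],
    "model-b": ["requests", "fastjsonparse", "yamlkit", "jsonkit"],
    "model-c": ["requests", "fastjsonparse", "openapi-parser-lite"],
    "model-d": ["requests", "fastjsonparse", "openapi-parser-lite"],
}

# Constructed registry snapshot standing in for a live npm/PyPI/crates.io query.
# A missing key means the name is not registered at all.
REGISTRY = {
    "requests": {"registered": date(2011, 2, 14), "empty_wrapper": False},
    "yamlkit": {"registered": date(2024, 6, 1), "empty_wrapper": False},
    "jsonkit": {"registered": date(2023, 1, 5), "empty_wrapper": True},
}
TODAY = date(2024, 6, 4)  # constructed scan date, keeps the recency check reproducible

def registry_status(name, today, recent_days=30):
    """Classify a name the way the three registry checks do."""
    entry = REGISTRY.get(name)
    if entry is None:
        return "nonexistent"                 # (1) free for anyone to register
    if (today - entry["registered"]).days <= recent_days:
        return "recent"                      # (2) just claimed, check by whom
    if entry["empty_wrapper"]:
        return "empty_wrapper"               # (3) shell around a famous name
    return "established"

def risk_level(status, agree, n_models):
    """Cross-model agreement raises the score; registry status picks the label."""
    if 2 * agree < n_models:                 # fewer than half the models agree
        return "low"
    if status in ("nonexistent", "empty_wrapper"):
        return "high" if 3 * agree >= 2 * n_models else "medium"
    return "medium"                          # recently registered: watch it

def score_candidates(suggestions, today, recent_days=30):
    """Return {name: (status, models_agreeing, risk)} for every non-established name."""
    counts = Counter()
    for names in suggestions.values():
        counts.update(set(names))            # one vote per model per name
    flagged = {}
    for name, agree in counts.items():
        status = registry_status(name, today, recent_days)
        if status != "established":
            flagged[name] = (status, agree, risk_level(status, agree, len(suggestions)))
    return flagged
```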
Bulk package check
Paste package names suggested by an LLM, one per line. Flagged candidates appear below.
| id | purl | risk | summary |
|---|---|---|---|
| VDB-SLOP-go-5cb76c9323 | pkg:golang/github.com/rbretecher/openapi-parser | high | Slopsquatting candidate: github.com/rbretecher/openapi-parser (Go) |
| VDB-SLOP-go-8dc1379cf3 | pkg:golang/github.com/json-iterator/go-json | high | Slopsquatting candidate: github.com/json-iterator/go-json (Go) |