Slopsquatting candidates — names attackers will target next
Package names multiple LLMs repeatedly hallucinate are exact targeting information for attackers — "register this and someone will install it". We see those names before attackers do.
How we detect
We regularly run a matrix of hundreds of programming prompts through major LLMs (Claude, GPT, Gemini, Llama) and harvest the package names they recommend. Cross-model agreement raises the target score. The registry status is checked live against npm/PyPI/crates.io for (1) non-existence, (2) recent registration with suspicious patterns, and (3) empty wrappers around famous names.
Bulk package check
Paste package names suggested by an LLM, one per line. Flagged candidates appear below.
| id | purl | risk | summary |
|---|---|---|---|
| VDB-SLOP-go-5cb76c9323 | pkg:golang/github.com/rbretecher/openapi-parser | high | Slopsquatting candidate: github.com/rbretecher/openapi-parser (Go) |
| VDB-SLOP-go-5d6525490a | pkg:golang/github.com/swaggest/openapi3-go | high | Slopsquatting candidate: github.com/swaggest/openapi3-go (Go) |
| VDB-SLOP-go-152855927a | pkg:golang/github.com/chrusty/openapi-parser | high | Slopsquatting candidate: github.com/chrusty/openapi-parser (Go) |
| VDB-SLOP-go-04ebe0c4c1 | pkg:golang/github.com/tidwall/jo | high | Slopsquatting candidate: github.com/tidwall/jo (Go) |
| VDB-SLOP-go-d23c6f1fc7 | pkg:golang/github.com/tidwall/jstream | high | Slopsquatting candidate: github.com/tidwall/jstream (Go) |
| VDB-SLOP-go-274a122052 | pkg:golang/github.com/mailru/easy | high | Slopsquatting candidate: github.com/mailru/easy (Go) |
| VDB-SLOP-go-389963372f | pkg:golang/github.com/golang-cdk/openapi3 | high | Slopsquatting candidate: github.com/golang-cdk/openapi3 (Go) |
| VDB-SLOP-go-d0513eddd6 | pkg:golang/github.com/issue9/jsonpointer | high | Slopsquatting candidate: github.com/issue9/jsonpointer (Go) |
| VDB-SLOP-go-8dc1379cf3 | pkg:golang/github.com/json-iterator/go-json | high | Slopsquatting candidate: github.com/json-iterator/go-json (Go) |
| VDB-SLOP-go-8911a9cf0a | pkg:golang/github.com/swagger-api/swagger-go-codegen | high | Slopsquatting candidate: github.com/swagger-api/swagger-go-codegen (Go) |
| VDB-SLOP-go-3ab49344e4 | pkg:golang/github.com/kraken-io/openapi2jsonschema | high | Slopsquatting candidate: github.com/kraken-io/openapi2jsonschema (Go) |
| VDB-SLOP-go-6a52b815c5 | pkg:golang/github.com/wagoodman/go-openapi-parser | high | Slopsquatting candidate: github.com/wagoodman/go-openapi-parser (Go) |
| VDB-SLOP-go-b4bcaec82d | pkg:golang/github.com/tidwall/streamjson | high | Slopsquatting candidate: github.com/tidwall/streamjson (Go) |
| VDB-SLOP-go-1f4d5bf7b9 | pkg:golang/github.com/go-json-iterator/json-iterator | high | Slopsquatting candidate: github.com/go-json-iterator/json-iterator (Go) |
| VDB-SLOP-go-021536c60f | pkg:golang/github.com/goccy/go- | high | Slopsquatting candidate: github.com/goccy/go- (Go) |
| VDB-SLOP-go-beecf38642 | pkg:golang/github.com/josharian/jsonq | high | Slopsquatting candidate: github.com/josharian/jsonq (Go) |
| VDB-SLOP-go-a3fa771ea7 | pkg:golang/github.com/swagger-api/swagger-go | high | Slopsquatting candidate: github.com/swagger-api/swagger-go (Go) |
| VDB-SLOP-go-e5b366b406 | pkg:golang/github.com/bytehouse-labs/openapi-generator | high | Slopsquatting candidate: github.com/bytehouse-labs/openapi-generator (Go) |
| VDB-SLOP-go-fc9cbef618 | pkg:golang/github.com/pomerium/sentinel | high | Slopsquatting candidate: github.com/pomerium/sentinel (Go) |
| VDB-SLOP-go-fc1b466708 | pkg:golang/github.com/valyala/quickjson | high | Slopsquatting candidate: github.com/valyala/quickjson (Go) |
| VDB-SLOP-go-c209ab5165 | pkg:golang/github.com/virtuald/fastjson | high | Slopsquatting candidate: github.com/virtuald/fastjson (Go) |
| VDB-SLOP-go-8f7f793010 | pkg:golang/github.com/tidwall/prettyjson | high | Slopsquatting candidate: github.com/tidwall/prettyjson (Go) |
| VDB-SLOP-go-0d344a6572 | pkg:golang/github.com/pquerna/helmet | high | Slopsquatting candidate: github.com/pquerna/helmet (Go) |
| VDB-SLOP-go-92a6913ffe | pkg:golang/github.com/munenori/stream-json | high | Slopsquatting candidate: github.com/munenori/stream-json (Go) |
| VDB-SLOP-go-1d4a23dbd1 | pkg:golang/github.com/valyala/fast | high | Slopsquatting candidate: github.com/valyala/fast (Go) |
| VDB-SLOP-go-f6ececba10 | pkg:golang/github.com/tidwall/sgjson | high | Slopsquatting candidate: github.com/tidwall/sgjson (Go) |
| VDB-SLOP-go-0dec2763b4 | pkg:golang/github.com/buger/json | high | Slopsquatting candidate: github.com/buger/json (Go) |
| VDB-SLOP-go-28eac1909b | pkg:golang/github.com/swagger-api/swagger-go-client | high | Slopsquatting candidate: github.com/swagger-api/swagger-go-client (Go) |
| VDB-SLOP-go-f52e716287 | pkg:golang/github.com/oas-kit/oas-addon | high | Slopsquatting candidate: github.com/oas-kit/oas-addon (Go) |
| VDB-SLOP-go-1d5bd67e4a | pkg:golang/github.com/tidwall/ezjson | high | Slopsquatting candidate: github.com/tidwall/ezjson (Go) |
| VDB-SLOP-go-6141072437 | pkg:golang/github.com/openapi-contrib/go-openapi-jsonschema | high | Slopsquatting candidate: github.com/openapi-contrib/go-openapi-jsonschema (Go) |
| VDB-SLOP-go-b3063fb1cf | pkg:golang/github.com/segmentio/json-iterator | high | Slopsquatting candidate: github.com/segmentio/json-iterator (Go) |