Slopsquatting candidates — names attackers will target next
Package names that multiple LLMs repeatedly hallucinate are exact targeting information for attackers: "register this and someone will install it". We see those names before attackers do.
How we detect
We regularly run a matrix of hundreds of programming prompts through major LLMs (Claude, GPT, Gemini, Llama) and harvest the package names they recommend. Cross-model agreement raises the target score. The registry status is checked live against npm/PyPI/crates.io for (1) non-existence, (2) recent registration with suspicious patterns, and (3) empty wrappers around famous names.
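The three registry checks and the cross-model count, sketched as an added example that is not this service's own code. The package names, model labels, registry snapshot, 90-day window and file-count heuristic are all constructed assumptions, and the snapshot stands in for the live registry lookup so the block runs offline.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class RegistryEntry:
    created: date                 # first publish date
    source_files: int             # files containing code of the package's own
    wraps: Optional[str] = None   # well-known package it only re-exports, if any

# Constructed snapshot; a name absent from it is treated as unregistered.
REGISTRY = {
    "acme-json": RegistryEntry(date(2019, 3, 1), 25),
    "acme-json-lite": RegistryEntry(date(2025, 5, 20), 2),
    "acme-json-easy": RegistryEntry(date(2022, 1, 10), 0, wraps="acme-json"),
}

# Constructed harvest: package names each model recommended across the prompts.
SUGGESTIONS = {
    "model_a": ["acme-json", "acme-json-stream", "acme-json-easy"],
    "model_b": ["acme-json-stream", "acme-json-lite"],
    "model_c": ["Acme-JSON-Stream", "acme-json"],
    "model_d": ["acme-json-stream", "acme-json-easy"],
}
TODAY = date(2025, 6, 1)

def classify(name, today, recent_days=90):
    """Return the reason a name is risky to install, or None if it looks established."""
    entry = REGISTRY.get(name)
    if entry is None:
        return "non-existent"            # check 1: anyone can still register it
    if entry.wraps and entry.source_files == 0:
        return "empty-wrapper"           # check 3: shell around a famous name
    if (today - entry.created).days < recent_days:
        return "recently-registered"     # check 2, reduced here to age only
    return None

def flag_candidates(suggestions, today):
    """Count distinct models per normalised name and keep the names that fail a check."""
    votes = {}
    for model, names in suggestions.items():
        for raw in names:
            votes.setdefault(raw.strip().lower(), set()).add(model)
    flagged = [(name, reason, len(models))
               for name, models in votes.items()
               if (reason := classify(name, today))]
    # Highest cross-model agreement first, then alphabetical for stable output.
    return sorted(flagged, key=lambda f: (-f[2], f[0]))

if __name__ == "__main__":
    for name, reason, agreement in flag_candidates(SUGGESTIONS, TODAY):
        print(f"{name}\t{reason}\tmodels={agreement}")
```

The same function works as a pre-install gate: feed it the dependency names an assistant proposed and refuse to install anything it returns.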
Bulk package check
Paste package names suggested by an LLM, one per line. Flagged candidates appear below.
| id | purl | risk | summary |
|---|---|---|---|
| VDB-SLOP-cratesio-f56bb810b0 | pkg:cargo/cyclonedx-parse | high | Slopsquatting candidate: cyclonedx-parse (crates.io) |
| VDB-SLOP-cratesio-4e5e231770 | pkg:cargo/cyclonedx-rs | high | Slopsquatting candidate: cyclonedx-rs (crates.io) |
| VDB-SLOP-cratesio-915e3c2299 | pkg:cargo/bom-rs | high | Slopsquatting candidate: bom-rs (crates.io) |
| VDB-SLOP-cratesio-fed3d0aa53 | pkg:cargo/cyclonedx-sbom | high | Slopsquatting candidate: cyclonedx-sbom (crates.io) |
| VDB-SLOP-cratesio-f39e8af0f6 | pkg:cargo/cyclonedx-derive | high | Slopsquatting candidate: cyclonedx-derive (crates.io) |
| VDB-SLOP-cratesio-e01b63e7ca | pkg:cargo/sbom-parser | high | Slopsquatting candidate: sbom-parser (crates.io) |
| VDB-SLOP-cratesio-61e443d04e | pkg:cargo/cyclonedx | high | Slopsquatting candidate: cyclonedx (crates.io) |