Slopsquatting candidates — names attackers will target next
Package names that multiple LLMs repeatedly hallucinate give attackers exact targeting information: "register this and someone will install it". We see those names before attackers do.
How we detect
We regularly run a matrix of hundreds of programming prompts through major LLMs (Claude, GPT, Gemini, Llama) and harvest the package names they recommend. Cross-model agreement raises the target score. The registry status is checked live against npm/PyPI/crates.io for (1) non-existence, (2) recent registration with suspicious patterns, and (3) empty wrappers around famous names.
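The scoring described above, sketched as an added example (not this service's own code). The model labels, package names, registry snapshot, 90-day "recent" window and two-model threshold are all constructed assumptions, and check (3), empty wrappers, is left out because it needs package contents.

```python
from datetime import date

# Constructed sample: names each model recommended for the same prompt matrix.
SUGGESTIONS = {
    "model-a": ["example-cron-lint", "example-http-lib", "example-pad-ng"],
    "model-b": ["example-cron-lint", "example-http-lib", "example-sql-guard"],
    "model-c": ["example-cron-lint", "example-sql-guard", "example-http-lib"],
    "model-d": ["example-http-lib", "example-cron-lint", "example-cron-lint"],
}
# Constructed registry snapshot: name -> first-publish date. A missing key
# means the name is not registered. A live check would query the registry.
REGISTRY = {
    "example-http-lib": date(2015, 3, 1),
    "example-sql-guard": date(2025, 5, 20),
}

def registry_status(name, registry, today, recent_days=90):
    """Classify a name as unregistered, recently-registered or established."""
    published = registry.get(name)
    if published is None:
        return "unregistered"
    if (today - published).days <= recent_days:
        return "recently-registered"
    return "established"

def score_candidates(suggestions, registry, today, min_models=2):
    """Return flagged names ordered by cross-model agreement (0.0 to 1.0)."""
    votes = {}
    for model, names in suggestions.items():
        for name in set(names):  # one vote per model, however often it repeats
            votes.setdefault(name, set()).add(model)
    flagged = []
    for name, models in votes.items():
        status = registry_status(name, registry, today)
        # Established packages and single-model one-offs are not candidates.
        if status == "established" or len(models) < min_models:
            continue
        flagged.append({
            "name": name,
            "status": status,
            "agreement": len(models) / len(suggestions),
        })
    return sorted(flagged, key=lambda c: (-c["agreement"], c["name"]))

if __name__ == "__main__":
    for candidate in score_candidates(SUGGESTIONS, REGISTRY, date(2025, 6, 1)):
        print(candidate)
```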
Bulk package check
Paste package names suggested by an LLM, one per line. Flagged candidates appear below.
| id | purl | risk | summary |
|---|---|---|---|
| VDB-SLOP-npm-d0e0fb5583 | pkg:npm/phoenix.js | high | Slopsquatting candidate: phoenix.js (npm) |
| VDB-SLOP-npm-ca1a4a504d | pkg:npm/Rambda | high | Slopsquatting candidate: Rambda (npm) |
| VDB-SLOP-npm-00d2cadf13 | pkg:npm/deep-clone-webpack-plugin | high | Slopsquatting candidate: deep-clone-webpack-plugin (npm) |
| VDB-SLOP-npm-ae9a6aa915 | pkg:npm/cronparser | high | Slopsquatting candidate: cronparser (npm) |
| VDB-SLOP-npm-569243c633 | pkg:npm/cron-expresso | high | Slopsquatting candidate: cron-expresso (npm) |
| VDB-SLOP-npm-e6e0f0d6af | pkg:npm/ts-nexus | high | Slopsquatting candidate: ts-nexus (npm) |
| VDB-SLOP-npm-509c848aa7 | pkg:npm/robust- | high | Slopsquatting candidate: robust- (npm) |
| VDB-SLOP-npm-3496e2da1f | pkg:npm/5. | high | Slopsquatting candidate: 5. (npm) |
| VDB-SLOP-npm-155e988205 | pkg:npm/Realtime | high | Slopsquatting candidate: Realtime (npm) |
| VDB-SLOP-npm-b010ef97d3 | pkg:npm/cron-collision-checker | high | Slopsquatting candidate: cron-collision-checker (npm) |
| VDB-SLOP-npm-735860febd | pkg:npm/safer-sql-parser | high | Slopsquatting candidate: safer-sql-parser (npm) |
| VDB-SLOP-npm-09b67c43d0 | pkg:npm/sql-sanitize | high | Slopsquatting candidate: sql-sanitize (npm) |
| VDB-SLOP-npm-11f249b4f4 | pkg:npm/sql-escape-strings | high | Slopsquatting candidate: sql-escape-strings (npm) |
| VDB-SLOP-npm-66cbe3d329 | pkg:npm/structuredClone | high | Slopsquatting candidate: structuredClone (npm) |
| VDB-SLOP-npm-396556c23b | pkg:npm/event-source-parser | high | Slopsquatting candidate: event-source-parser (npm) |
| VDB-SLOP-npm-98b66a3a71 | pkg:npm/cron-collision | high | Slopsquatting candidate: cron-collision (npm) |
| VDB-SLOP-npm-c08795c30e | pkg:npm/cron-checker | high | Slopsquatting candidate: cron-checker (npm) |
| VDB-SLOP-npm-979efcb83c | pkg:npm/@anthropic/mcp-sdk | high | Slopsquatting candidate: @anthropic/mcp-sdk (npm) |
| VDB-SLOP-npm-27c66cf52c | pkg:npm/crypto- | high | Slopsquatting candidate: crypto- (npm) |