Slopsquatting candidates — names attackers will target next
Package names multiple LLMs repeatedly hallucinate are exact targeting information for attackers — "register this and someone will install it". We see those names before attackers do.
How we detect
We regularly run a matrix of hundreds of programming prompts through major LLMs (Claude, GPT, Gemini, Llama) and harvest the package names they recommend. Cross-model agreement raises the target score. The registry status is checked live against npm/PyPI/crates.io for (1) non-existence, (2) recent registration with suspicious patterns, and (3) empty wrappers around famous names.
Bulk package check
Paste package names suggested by an LLM, one per line. Flagged candidates appear below.
| id | purl | risk | summary |
|---|---|---|---|
| VDB-SLOP-npm-d0e0fb5583 | pkg:npm/phoenix.js | high | Slopsquatting candidate: phoenix.js (npm) |
| VDB-SLOP-npm-298d52cfd4 | pkg:npm/nxtjwt | high | Slopsquatting candidate: nxtjwt (npm) |
| VDB-SLOP-npm-00d2cadf13 | pkg:npm/deep-clone-webpack-plugin | high | Slopsquatting candidate: deep-clone-webpack-plugin (npm) |
| VDB-SLOP-npm-ae9a6aa915 | pkg:npm/cronparser | high | Slopsquatting candidate: cronparser (npm) |
| VDB-SLOP-npm-73ff7581f7 | pkg:npm/@pusher/pusher-js | high | Slopsquatting candidate: @pusher/pusher-js (npm) |
| VDB-SLOP-npm-569243c633 | pkg:npm/cron-expresso | high | Slopsquatting candidate: cron-expresso (npm) |
| VDB-SLOP-npm-a8b8dbbca9 | pkg:npm/jsonwebtoken-promise | high | Slopsquatting candidate: jsonwebtoken-promise (npm) |
| VDB-SLOP-npm-e6e0f0d6af | pkg:npm/ts-nexus | high | Slopsquatting candidate: ts-nexus (npm) |
| VDB-SLOP-npm-56c9ea855f | pkg:npm/fast-jsonwebtoken | high | Slopsquatting candidate: fast-jsonwebtoken (npm) |
| VDB-SLOP-npm-6a26244e4a | pkg:npm/@auth0/jwt-decode | high | Slopsquatting candidate: @auth0/jwt-decode (npm) |
| VDB-SLOP-npm-f06134747e | pkg:npm/@auth0/node-jsonwebtoken | high | Slopsquatting candidate: @auth0/node-jsonwebtoken (npm) |
| VDB-SLOP-npm-d8259adfe9 | pkg:npm/json-deep-clone | high | Slopsquatting candidate: json-deep-clone (npm) |
| VDB-SLOP-npm-580daa2559 | pkg:npm/momend | high | Slopsquatting candidate: momend (npm) |
| VDB-SLOP-npm-ce17f68b13 | pkg:npm/jsonwebtoken-3 | high | Slopsquatting candidate: jsonwebtoken-3 (npm) |
| VDB-SLOP-npm-79cdc20ed7 | pkg:npm/clone-dedeep | high | Slopsquatting candidate: clone-dedeep (npm) |
| VDB-SLOP-npm-42a6edd9ae | pkg:npm/rsa-jwt | high | Slopsquatting candidate: rsa-jwt (npm) |
| VDB-SLOP-npm-b8706ad3c0 | pkg:npm/Bitfinex-api-node | high | Slopsquatting candidate: Bitfinex-api-node (npm) |
| VDB-SLOP-npm-509c848aa7 | pkg:npm/robust- | high | Slopsquatting candidate: robust- (npm) |
| VDB-SLOP-npm-3496e2da1f | pkg:npm/5. | high | Slopsquatting candidate: 5. (npm) |
| VDB-SLOP-npm-155e988205 | pkg:npm/Realtime | high | Slopsquatting candidate: Realtime (npm) |
| VDB-SLOP-npm-4fdc977857 | pkg:npm/Native-WebSocket | high | Slopsquatting candidate: Native-WebSocket (npm) |
| VDB-SLOP-npm-d3f3113357 | pkg:npm/JWT-simple | high | Slopsquatting candidate: JWT-simple (npm) |
| VDB-SLOP-npm-c646055ee9 | pkg:npm/plugin-sql | high | Slopsquatting candidate: plugin-sql (npm) |
| VDB-SLOP-npm-1d2791c744 | pkg:npm/big-ical | high | Slopsquatting candidate: big-ical (npm) |
| VDB-SLOP-npm-f3f3ac6e8f | pkg:npm/event-source- | high | Slopsquatting candidate: event-source- (npm) |
| VDB-SLOP-npm-4236656172 | pkg:npm/lodash.deepcopy | high | Slopsquatting candidate: lodash.deepcopy (npm) |
| VDB-SLOP-npm-a169d41c13 | pkg:npm/websocket- | high | Slopsquatting candidate: websocket- (npm) |
| VDB-SLOP-npm-90ed39b31a | pkg:npm/RPC-websockets | high | Slopsquatting candidate: RPC-websockets (npm) |
| VDB-SLOP-npm-be85b208f3 | pkg:npm/kaTeX | high | Slopsquatting candidate: kaTeX (npm) |
| VDB-SLOP-npm-11f249b4f4 | pkg:npm/sql-escape-strings | high | Slopsquatting candidate: sql-escape-strings (npm) |
| VDB-SLOP-npm-76aef3870a | pkg:npm/p- | high | Slopsquatting candidate: p- (npm) |
| VDB-SLOP-npm-ea0261ae18 | pkg:npm/Request-promise | high | Slopsquatting candidate: Request-promise (npm) |
| VDB-SLOP-npm-9ce5527b8b | pkg:npm/cron-syntax-parser | high | Slopsquatting candidate: cron-syntax-parser (npm) |
| VDB-SLOP-npm-16cc0af152 | pkg:npm/sql-injection-protection | high | Slopsquatting candidate: sql-injection-protection (npm) |
| VDB-SLOP-npm-bc1da1135d | pkg:npm/pgweb | high | Slopsquatting candidate: pgweb (npm) |
| VDB-SLOP-npm-9a129d2bd4 | pkg:npm/schedule-collision-detector | high | Slopsquatting candidate: schedule-collision-detector (npm) |
| VDB-SLOP-npm-931bfb7a69 | pkg:npm/Socket.IO | high | Slopsquatting candidate: Socket.IO (npm) |
| VDB-SLOP-npm-27c66cf52c | pkg:npm/crypto- | high | Slopsquatting candidate: crypto- (npm) |
| VDB-SLOP-npm-c8cf155147 | pkg:npm/objection.js | high | Slopsquatting candidate: objection.js (npm) |
| VDB-SLOP-npm-9731113f6a | pkg:npm/simple-ical-parser | high | Slopsquatting candidate: simple-ical-parser (npm) |
| VDB-SLOP-npm-acc745887a | pkg:npm/cronutils | high | Slopsquatting candidate: cronutils (npm) |
| VDB-SLOP-npm-740fa9d8a4 | pkg:npm/schedule-utils | high | Slopsquatting candidate: schedule-utils (npm) |
| VDB-SLOP-npm-2d05a508fc | pkg:npm/schedule-validator | high | Slopsquatting candidate: schedule-validator (npm) |
| VDB-SLOP-npm-c336b5b658 | pkg:npm/@anthropic/mcp | high | Slopsquatting candidate: @anthropic/mcp (npm) |
| VDB-SLOP-npm-6bb35397ef | pkg:npm/uzwebsocket | high | Slopsquatting candidate: uzwebsocket (npm) |
| VDB-SLOP-npm-a994ede4db | pkg:npm/ics-to | high | Slopsquatting candidate: ics-to (npm) |
| VDB-SLOP-npm-4b7a7a8daf | pkg:npm/sql-walker | high | Slopsquatting candidate: sql-walker (npm) |
| VDB-SLOP-npm-230b9efa0b | pkg:npm/cron-schedule-generator | high | Slopsquatting candidate: cron-schedule-generator (npm) |
| VDB-SLOP-npm-581c63371b | pkg:npm/knknex | high | Slopsquatting candidate: knknex (npm) |
| VDB-SLOP-npm-37bec13fcb | pkg:npm/iCalendar | high | Slopsquatting candidate: iCalendar (npm) |
| VDB-SLOP-npm-859ea31302 | pkg:npm/@auth0/node-jwt-authentication | high | Slopsquatting candidate: @auth0/node-jwt-authentication (npm) |
| VDB-SLOP-npm-8b2785e971 | pkg:npm/Reconnecting-websocket | high | Slopsquatting candidate: Reconnecting-websocket (npm) |
| VDB-SLOP-npm-341c2899d2 | pkg:npm/hash-SHA256 | high | Slopsquatting candidate: hash-SHA256 (npm) |
| VDB-SLOP-npm-7b13a29350 | pkg:npm/phaserx | high | Slopsquatting candidate: phaserx (npm) |
| VDB-SLOP-npm-a64126a8fa | pkg:npm/BnWebSocket | high | Slopsquatting candidate: BnWebSocket (npm) |
| VDB-SLOP-npm-dc1f463a50 | pkg:npm/jsonwebtoken-simple | high | Slopsquatting candidate: jsonwebtoken-simple (npm) |
| VDB-SLOP-npm-968da25853 | pkg:npm/These | high | Slopsquatting candidate: These (npm) |
| VDB-SLOP-npm-1faa7e3a68 | pkg:npm/remark-katex | high | Slopsquatting candidate: remark-katex (npm) |
| VDB-SLOP-npm-81a9e0b5ac | pkg:npm/node-cron-collision | high | Slopsquatting candidate: node-cron-collision (npm) |
| VDB-SLOP-npm-33751f9a3f | pkg:npm/checksum-verify | high | Slopsquatting candidate: checksum-verify (npm) |
| VDB-SLOP-npm-49fd57712f | pkg:npm/parse-icalendar | high | Slopsquatting candidate: parse-icalendar (npm) |
| VDB-SLOP-npm-5c65c1d606 | pkg:npm/cron-collision-detect | high | Slopsquatting candidate: cron-collision-detect (npm) |
| VDB-SLOP-npm-59d7de093e | pkg:npm/croncollider | high | Slopsquatting candidate: croncollider (npm) |
| VDB-SLOP-npm-88806dd032 | pkg:npm/sql-injection-safe | high | Slopsquatting candidate: sql-injection-safe (npm) |
| VDB-SLOP-npm-ff378d6c5c | pkg:npm/sql-server | high | Slopsquatting candidate: sql-server (npm) |
| VDB-SLOP-npm-367d95b70e | pkg:npm/TeX | high | Slopsquatting candidate: TeX (npm) |
| VDB-SLOP-npm-39c06e482c | pkg:npm/rehype- | high | Slopsquatting candidate: rehype- (npm) |
| VDB-SLOP-npm-2100bab22a | pkg:npm/@fortress-ai/sql | high | Slopsquatting candidate: @fortress-ai/sql (npm) |
| VDB-SLOP-npm-2e3c8d0cac | pkg:npm/immutable-clone | high | Slopsquatting candidate: immutable-clone (npm) |
| VDB-SLOP-npm-3ed55ea5a0 | pkg:npm/cron-util | high | Slopsquatting candidate: cron-util (npm) |
| VDB-SLOP-npm-781b41980e | pkg:npm/reactivex-websockets | high | Slopsquatting candidate: reactivex-websockets (npm) |
| VDB-SLOP-npm-0c595c6698 | pkg:npm/cronsim | high | Slopsquatting candidate: cronsim (npm) |
| VDB-SLOP-npm-ecd9bb9f3f | pkg:npm/phaserjs | high | Slopsquatting candidate: phaserjs (npm) |
| VDB-SLOP-npm-b5011a138c | pkg:npm/RxJS | high | Slopsquatting candidate: RxJS (npm) |
| VDB-SLOP-npm-263fc06d0e | pkg:npm/knex-sanitizer | high | Slopsquatting candidate: knex-sanitizer (npm) |
| VDB-SLOP-npm-034bc9efc6 | pkg:npm/@types/react-markdown | high | Slopsquatting candidate: @types/react-markdown (npm) |
| VDB-SLOP-npm-5dd12daea1 | pkg:npm/@prettier/plugin-sql | high | Slopsquatting candidate: @prettier/plugin-sql (npm) |
| VDB-SLOP-npm-78c2103fd8 | pkg:npm/json-stable | high | Slopsquatting candidate: json-stable (npm) |
| VDB-SLOP-npm-b50bd1a10f | pkg:npm/Realtime.co | high | Slopsquatting candidate: Realtime.co (npm) |
| VDB-SLOP-npm-3170d20de4 | pkg:npm/SockJS | high | Slopsquatting candidate: SockJS (npm) |
| VDB-SLOP-npm-bc7ffef107 | pkg:npm/parseical | high | Slopsquatting candidate: parseical (npm) |
| VDB-SLOP-npm-b2817efb36 | pkg:npm/ajust | high | Slopsquatting candidate: ajust (npm) |
| VDB-SLOP-npm-c0c98c69c7 | pkg:npm/R.clone | high | Slopsquatting candidate: R.clone (npm) |
| VDB-SLOP-npm-8a51ebf971 | pkg:npm/xss-sql-sanitizer | high | Slopsquatting candidate: xss-sql-sanitizer (npm) |
| VDB-SLOP-npm-9cf82420ee | pkg:npm/safe-sql-stringify | high | Slopsquatting candidate: safe-sql-stringify (npm) |
| VDB-SLOP-npm-e25dcc83ae | pkg:npm/sqlc | high | Slopsquatting candidate: sqlc (npm) |
| VDB-SLOP-npm-c08795c30e | pkg:npm/cron-checker | high | Slopsquatting candidate: cron-checker (npm) |
| VDB-SLOP-npm-feae482eb2 | pkg:npm/cron-expression | high | Slopsquatting candidate: cron-expression (npm) |
| VDB-SLOP-npm-81e4a89977 | pkg:npm/cronism | high | Slopsquatting candidate: cronism (npm) |
| VDB-SLOP-npm-56ba5417e2 | pkg:npm/eclipse-paho.websocket | high | Slopsquatting candidate: eclipse-paho.websocket (npm) |
| VDB-SLOP-npm-d07dd70e4b | pkg:npm/cronexpr | high | Slopsquatting candidate: cronexpr (npm) |
| VDB-SLOP-npm-817b132c7f | pkg:npm/calendar-parser | high | Slopsquatting candidate: calendar-parser (npm) |
| VDB-SLOP-npm-c1d6b5aea8 | pkg:npm/jstimezoned-cron | high | Slopsquatting candidate: jstimezoned-cron (npm) |
| VDB-SLOP-npm-6e435f7cdb | pkg:npm/mysql-escape-string | high | Slopsquatting candidate: mysql-escape-string (npm) |
| VDB-SLOP-npm-b731e0a5e5 | pkg:npm/sanitize-sql-query | high | Slopsquatting candidate: sanitize-sql-query (npm) |
| VDB-SLOP-npm-b010ef97d3 | pkg:npm/cron-collision-checker | high | Slopsquatting candidate: cron-collision-checker (npm) |
| VDB-SLOP-npm-f484e65c1e | pkg:npm/@sqltools/parser | high | Slopsquatting candidate: @sqltools/parser (npm) |
| VDB-SLOP-npm-5eecacd42d | pkg:npm/well-known-jwt | high | Slopsquatting candidate: well-known-jwt (npm) |
| VDB-SLOP-npm-62c20adb12 | pkg:npm/WebSocket-as-promised | high | Slopsquatting candidate: WebSocket-as-promised (npm) |
| VDB-SLOP-npm-cbb6008906 | pkg:npm/mysql-injection | high | Slopsquatting candidate: mysql-injection (npm) |