AI can write. Trace can read. Open-source static analyzer for the 24 failure patterns that only AI writes.
25 production-tested defensive security skills for Claude Code - WordPress, VPS, Cloudflare, Next.js hardening, AI agent guardrails, MCP security, prompt injection defense, OWASP LLM Top 10, LLM coding failure modes (slopsquatting, hallucinated APIs, sycophancy), incident response, GDPR/DACH compliance. MIT, battle-tested.
Scan markdown and config files for hallucinated npm package names. Defends against slopsquatting supply chain attacks.
👻 Stop installing packages that don't exist. When AI hallucinates names like "flask-gpt-helper", attackers register them as malware. Phantom Guard detects slopsquatting attacks across PyPI, npm & crates.io before you install.
Ten years writing software taught me not to run code i havent checked. Vibcoders dont have that reflex, so i built npmguard to be it: it screens every npm package for known-malicious code and typosquats before anything runs, in Claude Code, Cursor and Codex over MCP or the CLI. one Rust binary, off npm on purpose.
DepScope — Package Intelligence for AI Agents. 22 MCP tools, 19 ecosystems, free, no auth. https://depscope.dev
Detect slopsquatting attacks — AI-hallucinated packages in your dependencies. Rust CLI + GitHub Action.
Deterministic guardrail for Claude Code: hooks that block ungrounded agent actions — editing files it never read, installing hallucinated packages, citing dead links. No LLM in the loop.
Block AI-hallucinated and slopsquatted npm/pip packages before they install. Pre-tool-use hook for Claude Code, by UNPWNED.
Package intelligence MCP server. Stops AI agents from installing hallucinated/malicious packages across 19 ecosystems. 22 tools, free, no auth.
Detect hallucinated (non-existent) packages in AI-generated code
Vet the packages & repos your AI assistant recommended — before you install. Catches hallucinated/slopsquatted names, CVEs, malware, license traps & fake stars across 8 ecosystems. No API key.
Catch hallucinated and typosquatted imports before they run. Resolves Python and JS/TS imports against stdlib, manifest, and local modules; flags slopsquatting typosquats of popular packages. Offline pre-commit gate and Claude Code skill. Stdlib only.
Public corpus of LLM-hallucinated package names observed in production AI coding agent traffic across 19 ecosystems. Updated daily. CC-BY-NC-SA 4.0.
Add a description, image, and links to the slopsquatting topic page so that developers can more easily learn about it.
To associate your repository with the slopsquatting topic, visit your repo's landing page and select "manage topics."