AI coding assistants often suggest plausible-sounding packages that do not exist, and attackers pre-register those hallucinated names on PyPI and npm to deliver malicious install hooks when developers copy-paste install commands. Research shows nearly 20% of AI-generated code references fake packages and 43% of hallucinations repeat across runs, and slopcheck stops nonexistent or suspicious packages at the install boundary. #Slopsquatting #slopcheck
Keypoints
- AI coding assistants frequently hallucinate package names and recommend nonexistent libraries.
- Attackers perform slopsquatting by registering those hallucinated names on registries and embedding malicious install hooks.
- A 2025 USENIX study found nearly 20% of AI-generated samples referenced fake packages and 43% of hallucinations repeated across runs.
- Cross-ecosystem bleed and repeatable hallucinations make the attack surface predictable, scalable, and targetable.
- Slopcheck is an open-source CLI that blocks nonexistent packages, flags suspicious ones, supports seven ecosystems, and integrates into CI to prevent slopsquatting at install time.
Read More: https://www.toxsec.com/p/what-is-slopsquatting-ai-hallucinations