
slopcop

v1.0.2

Published

Protect yourself from slopsquatting — AI-hallucinated malicious packages on npm and PyPI

Readme

slopcop

Stop installing malware hallucinated by your AI assistant.

Large language models hallucinate package names. A lot. According to a USENIX Security 2025 study, 19.7% of package recommendations across 576,000 code generation samples reference packages that do not exist -- or didn't, until an attacker registered them.

This attack is called slopsquatting: adversaries monitor LLM outputs, identify repeatedly hallucinated package names, and register them on npm and PyPI with malicious payloads. The packages look plausible. They install cleanly. And they run arbitrary code via postinstall scripts before you ever open an editor.

slopcop is a command-line tool that intercepts this kill chain. It checks packages against a battery of signals before anything touches your system.


Install

npm install -g slopcop

Requires Node.js 18+. No native dependencies -- runs on macOS, Linux, and Windows.


Usage

Check a package

Inspect a package without installing it:

$ slopcop check react-utils-helper

  slopcop v1.2.0 -- slopsquat defense

  Package:       react-utils-helper
  Registry:      npm
  Published:     2 days ago
  Downloads:     14 (lifetime)
  Versions:      1.0.0 (single release)
  Postinstall:   YES -- runs "node scripts/setup.js"
  Repository:    none
  Similar to:    react-util-helpers (4.2M weekly downloads)
  Name distance: 1 (Levenshtein)

  Risk score:    92/100
  Verdict:       DANGEROUS

  This package exhibits strong slopsquat signals. Do NOT install.

$ slopcop check express

  slopcop v1.2.0 -- slopsquat defense

  Package:       express
  Registry:      npm
  Published:     11 years ago
  Downloads:     32,104,558 (weekly)
  Versions:      271 releases
  Postinstall:   no
  Repository:    https://github.com/expressjs/express
  Similar to:    -- (this IS the popular package)
  Name distance: n/a

  Risk score:    2/100
  Verdict:       SAFE

Install a package (with guard)

Wraps npm install (or pip install with --pypi). Runs the full check first; aborts if the package is dangerous:

$ slopcop install flask-cognito-auth --pypi

  slopcop v1.2.0 -- slopsquat defense

  Package:       flask-cognito-auth
  Registry:      PyPI
  Published:     6 days ago
  Downloads:     38 (lifetime)
  Versions:      0.1.0 (single release)
  Repository:    none
  Similar to:    flask-cognito (89K monthly downloads)
  Name distance: 5 (Levenshtein)

  Risk score:    78/100
  Verdict:       SUSPICIOUS

  WARNING: This package has elevated slopsquat risk.
  Proceed with install? [y/N] n
  Aborted.

Scan your project

Scan every dependency in package.json or requirements.txt:

$ slopcop scan

  slopcop v1.2.0 -- scanning package.json (47 dependencies)

  [1/47]  express ......................... SAFE       (2/100)
  [2/47]  lodash .......................... SAFE       (1/100)
  [3/47]  react-auth-helpkit .............. DANGEROUS  (88/100)
  [4/47]  cors ............................ SAFE       (3/100)
  ...
  [47/47] jsonwebtoken .................... SAFE       (4/100)

  Summary:
    45 SAFE
     1 SUSPICIOUS
     1 DANGEROUS  <-- react-auth-helpkit

  Run `slopcop check react-auth-helpkit` for details.

Flags

| Flag | Description |
|------|-------------|
| --npm | Check against the npm registry (default) |
| --pypi | Check against the Python Package Index |
| --json | Output results as JSON |
| --strict | Exit with code 1 on SUSPICIOUS or DANGEROUS |
| --no-color | Disable colored output |


How It Works

slopcop evaluates packages across multiple dimensions without ever executing package code:

  1. Name pattern analysis -- Flags names that look AI-generated: overly descriptive compounds (react-utils-helper-toolkit), implausible word combinations, and names that read like a prompt completion rather than a deliberate choice.

  2. Registry metadata -- Queries the npm or PyPI registry API for:

    • Account age -- How old is the publisher's account?
    • Package age -- When was the first version published?
    • Download count -- Legitimate packages accumulate downloads over time.
    • Version count -- A single-version package published last week is suspicious.
    • Postinstall scripts -- The primary vector for slopsquat payloads. Any preinstall, install, or postinstall hook is flagged and inspected.
    • Repository link -- Missing or broken repo URLs correlate with malicious packages.

  3. Similarity matching -- Compares the package name against the top 10,000 packages on each registry using Levenshtein distance, Jaro-Winkler similarity, and keyboard-distance heuristics. A name that is one typo away from a popular package is a strong slopsquat signal.

  4. Risk scoring -- All signals are weighted and combined into a score from 0 to 100:

| Score | Verdict | Meaning |
|-------|---------|---------|
| 0-30 | SAFE | Package appears legitimate |
| 31-65 | SUSPICIOUS | Elevated risk; review before installing |
| 66-100 | DANGEROUS | Strong slopsquat indicators; do not install |
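As an added illustration of the pipeline above (this is not slopcop's own code; its real weights and similarity list are not published on this page), a minimal Node.js scorer that combines the listed metadata signals with Levenshtein matching only and maps the result onto the README's verdict bands. The `POPULAR` list, the signal weights and the sample metadata are constructed assumptions.

```javascript
// Added example, not slopcop's own code: a minimal slopsquat risk scorer built
// from the signals the README lists. Weights, the popular-package list and the
// sample metadata are constructed for illustration only.
const POPULAR = ["react-util-helpers", "express", "lodash", "flask-cognito"];

// Levenshtein edit distance (insert, delete, substitute), single-row DP.
function levenshtein(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = tmp;
    }
  }
  return row[b.length];
}

// Closest popular name; distance 0 means the name IS the popular package.
function nearestPopular(name) {
  let best = null;
  for (const p of POPULAR) {
    const d = levenshtein(name, p);
    if (best === null || d < best.distance) best = { name: p, distance: d };
  }
  return best;
}

// Weighted signals (weights sum to 100) mapped onto the README's verdict bands.
function score(meta) {
  let s = 0;
  if (meta.postinstall) s += 25;        // primary payload vector
  if (!meta.repository) s += 10;        // missing repo link
  if (meta.ageDays < 30) s += 15;       // brand-new package
  if (meta.downloads < 100) s += 15;    // no organic adoption
  if (meta.versions <= 1) s += 10;      // single release
  const near = nearestPopular(meta.name);
  if (near.distance >= 1 && near.distance <= 2) s += 25;      // one typo away
  else if (near.distance > 2 && near.distance <= 5) s += 10;  // looks derived
  s = Math.min(100, s);
  const verdict = s <= 30 ? "SAFE" : s <= 65 ? "SUSPICIOUS" : "DANGEROUS";
  return { score: s, verdict, similarTo: near.distance ? near.name : null };
}

// Constructed sample shaped like the README's `check` output for react-utils-helper.
const SAMPLE = { name: "react-utils-helper", postinstall: true, repository: null, ageDays: 2, downloads: 14, versions: 1 };
console.log(score(SAMPLE)); // { score: 100, verdict: 'DANGEROUS', similarTo: 'react-util-helpers' }
```

Note that plain Levenshtein gives distance 2 for react-utils-helper vs react-util-helpers (one deletion plus one insertion); the README's reported distance of 1 presumably comes from its additional Jaro-Winkler and keyboard heuristics, which this example omits.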


Why This Matters

Every npm install and pip install is a trust decision. LLM-assisted coding has introduced a new attack surface: developers trust AI suggestions implicitly, and attackers exploit that trust at scale.

The USENIX 2025 paper ("SloppySquat: Analyzing the Threat of LLM-Hallucinated Packages") found:

  • 19.7% of LLM-generated package names are hallucinated (do not exist on the registry)
  • 58% of hallucinated names are repeated across multiple prompts, making them predictable targets
  • Packages registered under hallucinated names received real installs within days

slopcop is a lightweight guardrail. It does not replace dependency auditing, lockfiles, or SCA tools -- it catches the class of threat those tools were not designed for.


Platform Support

| Platform | Status |
|----------|--------|
| macOS (arm64, x64) | Supported |
| Linux (x64, arm64) | Supported |
| Windows (x64) | Supported |

Pure Node.js with zero native dependencies. If node runs, slopcop runs.


Contributing

Issues and pull requests are welcome. See CONTRIBUTING.md for guidelines.


Disclaimer

SlopCop is a risk-assessment tool that uses heuristics and public registry data to flag potentially suspicious packages. It is not a guarantee of safety. A clean result does not mean a package is safe, and a flagged result does not necessarily mean a package is malicious. Always review packages before installing them in production environments. The authors are not responsible for any damages, data loss, or security incidents resulting from the use of this tool or the installation of packages it evaluates.


License

MIT -- Copyright 2026 Larsen Cundric