SlopGuard
Pre-install supply-chain guard that catches AI-hallucinated, typosquatted and malicious dependencies — zero runtime deps.
- Role
- Sole author — architecture, detection engine, CLI, CI integrations and SaaS.
- Context
- Slopsquatting is an emerging supply-chain threat documented in USENIX Security 2025: LLMs frequently recommend `pip install` or `npm install` of packages that do not exist — roughly 20% of AI-suggested packages are hallucinated, with ~38% being near-misses on real package names. Attackers monitor LLM outputs and pre-register those hallucinated names with malicious payloads.
Problem
There was no pre-install interception layer that could deterministically evaluate a package's legitimacy — checking typosquatting distance, publication age, download velocity, OSV threat intelligence and LLM hallucination likelihood — before any code executes on the developer's machine.
Approach
- 5-layer detection engine (layers 0–4) that scores packages without executing any of their code.
- Ecosystem-agnostic core with pluggable adapters for PyPI and npm.
- Multiple frontends covering every integration point: CLI, pre-commit hook, GitHub Action and self-hostable SaaS.
- Provable anti-false-positive invariant: the opt-in LLM hallucination layer is structurally unable to block a legitimate package on its own.
Impact
- Catches malicious and hallucinated packages before installation — zero runtime dependencies shipped to consumer environments.
- Test suite of 2687 collected tests (including parametrized) enforces correctness at every detection layer with a CI gate of ≥90% global coverage and ≥95% on critical paths.
- 8 import-linter architecture contracts prevent cross-boundary coupling as the codebase grows.
- Layered scoring with provable anti-false-positive invariantImplementedSecurity
- OSV.dev threat-intel with fail-closed degradationImplementedSecurity
- Opt-in LLM hallucination layer, structurally unable to block legitimate packagesImplementedSecurity
- Deterministic, network-free typosquatting detection (Damerau-Levenshtein + Jaro-Winkler)ImplementedSecurity
Stack
- Python 3.11+
- stdlib only
- mypy strict
- ruff (bandit)
- import-linter
- pytest
- GitHub Actions
- CodeQL
- FastAPI
- Next.js
- PostgreSQL
- Redis














