= Slopsquatting =

Slopsquatting is a type of cybersquatting: registering, on a public package index, a software package name that a large language model (LLM) tends to hallucinate in its output, so that a developer who copies the model's suggestion and installs the named package unknowingly receives the squatter's code instead of an error. Attempting to install a package that nobody has registered simply fails; the attack works because an adversary registers the hallucinated name first, much as a typosquatter registers a misspelling of a real package.

The name is a portmanteau of "AI slop" and "typosquatting".

== History ==
In 2023, security researcher Bar Lanyado noted that LLMs hallucinated a package named "huggingface-cli". While this name is identical to the command used for the command-line version of HuggingFace Hub, it is not the name of the package; the real package that provides the command is installed under a different name. Lanyado tested the potential for slopsquatting by uploading an empty package under the hallucinated name. In three months, it had received over 30,000 downloads. The hallucinated package name was also used in the README file of a repository for research conducted by Alibaba.

In April 2025, the term was coined by Python Software Foundation Developer-in-Residence and security researcher Seth Larson and popularized by Andrew Nesbitt on Mastodon.

In May 2025, the potential and prevalence of slopsquatting was detailed in the academic paper "We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs". Some of the paper's main findings are that 19.7% of the packages the LLMs recommended did not exist; that open-source models hallucinated far more frequently (21.7% on average, compared to 5.2% for proprietary, black-box models); that CodeLlama 7B and CodeLlama 34B hallucinated in over a third of their outputs; and that, across all models, the researchers observed over 205,000 unique hallucinated package names.

== Prevention ==
To avoid being exploited by slopsquatting, package names suggested by an assistant should be verified against the package index and the project's own dependency list before installation, and AI-generated code should never be assumed safe before it is deployed to a production environment. Dependency scanners, lock files, and hash verification against known and trusted package versions add a mechanical check: a lock file that pins every dependency to a version and an artifact hash (for example pip's hash-checking mode, which refuses any requirement that is not pinned and hashed) means a hallucinated name is rejected at install time rather than resolved against whatever the index happens to hold.
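The following is an added example, not code from the original page or from any project it mentions, of the check described above: it extracts the package names an assistant told the user to `pip install`, accepts only those already pinned in a lock file, and verifies a downloaded artifact's SHA-256 against the pinned hash before anything is installed. The lock-file text, the LLM answer, and the artifact bytes are all constructed inline for illustration; the real lock-file format mirrored here is the one pip reads with `--require-hashes`.

```python
"""Vet AI-suggested dependencies against a hash-pinned lock file (added example)."""
import hashlib
import re
import shlex

_NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")
_PIP_RE = re.compile(r"\bpip3?\s+install\s+(.*)$")


def normalize(name: str) -> str:
    """PEP 503 normalisation: 'Huggingface_Hub' and 'huggingface-hub' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def extract_pip_installs(text: str) -> list[str]:
    """Return the normalised package names named on `pip install` lines of an LLM answer."""
    names: list[str] = []
    for line in text.splitlines():
        m = _PIP_RE.search(line)
        if not m:
            continue
        skip_next = False
        for tok in shlex.split(m.group(1)):
            if skip_next:                      # argument of -r / --requirement, not a package
                skip_next = False
                continue
            if tok in ("-r", "--requirement"):
                skip_next = True
                continue
            if tok.startswith("-"):            # option such as -U or --upgrade
                continue
            nm = _NAME_RE.match(tok)           # strips extras ([cli]) and version specifiers
            if nm:
                names.append(normalize(nm.group(1)))
    return names


def parse_lock(text: str) -> dict[str, tuple[str, set[str]]]:
    """Parse 'name==version --hash=sha256:<hex> ...' lines into {name: (version, {hashes})}."""
    lock: dict[str, tuple[str, set[str]]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "==" not in line.split()[0]:
            continue                           # unpinned lines are never trusted
        parts = line.split()
        name, version = parts[0].split("==", 1)
        hashes = {p.split("sha256:", 1)[1] for p in parts[1:] if p.startswith("--hash=sha256:")}
        lock[normalize(name)] = (version, hashes)
    return lock


def vet(suggested: list[str], lock: dict[str, tuple[str, set[str]]]) -> tuple[list[str], list[str]]:
    """Split suggested names into those pinned in the lock file and those that are not."""
    pinned = [n for n in suggested if n in lock]
    unknown = [n for n in suggested if n not in lock]
    return pinned, unknown


def verify_artifact(name: str, data: bytes, lock: dict[str, tuple[str, set[str]]]) -> bool:
    """True only if the artifact's SHA-256 matches a hash pinned for that package."""
    entry = lock.get(normalize(name))
    if entry is None:
        return False
    return hashlib.sha256(data).hexdigest() in entry[1]


# --- constructed sample data (not real wheels, not real hashes) -----------------
GOOD_REQUESTS_WHEEL = b"constructed stand-in for the bytes of requests-2.32.3 wheel"
LOCK_TEXT = f"""\
# constructed lock file in pip --require-hashes form; hash computed from the stand-in above
requests==2.32.3 --hash=sha256:{hashlib.sha256(GOOD_REQUESTS_WHEEL).hexdigest()}
numpy==2.1.0 --hash=sha256:{'0' * 64}
"""
LLM_ANSWER = """\
Install the dependencies first:
    pip install -U requests numpy
    pip install huggingface-cli
"""
LOCK = parse_lock(LOCK_TEXT)

if __name__ == "__main__":
    pinned, unknown = vet(extract_pip_installs(LLM_ANSWER), LOCK)
    print("pinned:", pinned)
    print("REFUSE (not in lock file):", unknown)
    print("requests artifact ok:", verify_artifact("Requests", GOOD_REQUESTS_WHEEL, LOCK))
    print("tampered artifact ok:", verify_artifact("requests", GOOD_REQUESTS_WHEEL + b"x", LOCK))
```

The gate fails closed: a name absent from the lock file (here the hallucinated `huggingface-cli`) is refused whether or not someone has since registered it, and a package whose bytes do not match the pinned hash is refused even though its name is known.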

== Impact ==
Feross Aboukhadijeh, CEO of security firm Socket, warns that software engineers who practice vibe coding may be susceptible to slopsquatting, either by using the generated code without reviewing it or because the AI assistant tool installs the non-existent package itself. There has not yet been a reported case of slopsquatting being used in a cyberattack.

== See also ==
- Cybersquatting
- Typosquatting
- Prompt injection
