
Slopsquatting is now a confirmed supply-chain threat — gate your dependencies
Chris Harper
Jun 6, 2026
AI
Best Practices
React
Roughly 20% of AI-generated code references packages that do not exist, and attackers are registering those hallucinated names and publishing malware under them. The CSA and vendors document real cases: the malicious unused-imports npm package (a hallucinated variant of eslint-plugin-unused-imports) was still pulling ~233 weekly downloads in February, and react-codeshift spread to 237 repositories largely through autonomous agents installing their own hallucinated output. The defense is concrete: run a dependency scanner that flags non-existent or suspicious packages before install, pin lockfiles, and don't let coding agents resolve dependencies unsupervised.
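As an added example (not code from the article or from the vendors it cites), here is a Node pre-install gate for a package.json dependency map: it flags names absent from the registry, names with very low downloads or very recent publication, and names that look like a truncation of a trusted package (the unused-imports vs eslint-plugin-unused-imports pattern above). The registry lookup, the thresholds, the trusted list and the sample dependencies are constructed assumptions; a real deployment would back the lookup with the npm registry API.

```javascript
// Added example: gate dependencies before install. The registry lookup is
// injected so this runs offline; in real use it would query the npm registry
// (an assumption, not a tool the article names).

// Names the team already trusts (constructed list).
const KNOWN_GOOD = ['react', 'react-dom', 'eslint-plugin-unused-imports'];

// Constructed stand-in for registry metadata; numbers are illustrative only.
const FAKE_REGISTRY = {
  'react': { weeklyDownloads: 25000000, ageDays: 4000 },
  'react-dom': { weeklyDownloads: 24000000, ageDays: 4000 },
  'eslint-plugin-unused-imports': { weeklyDownloads: 3000000, ageDays: 1500 },
  'unused-imports': { weeklyDownloads: 233, ageDays: 40 }, // lookalike entry
};

// Edit distance, used to catch names one or two typos away from a trusted one.
function levenshtein(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
    }
  }
  return d[a.length][b.length];
}

// Returns one finding per dependency that is missing from the registry, barely
// used, newly published, or suspiciously close to a trusted name.
function auditDependencies(deps, lookup, { minDownloads = 1000, minAgeDays = 90 } = {}) {
  const findings = [];
  for (const name of Object.keys(deps)) {
    const meta = lookup(name);
    if (!meta) { findings.push({ name, reasons: ['not-in-registry'] }); continue; }
    const reasons = [];
    if (meta.weeklyDownloads < minDownloads) reasons.push('low-downloads');
    if (meta.ageDays < minAgeDays) reasons.push('recently-published');
    // A trusted name that ends in "-<name>" suggests a truncated hallucination.
    const near = KNOWN_GOOD.find(k => k !== name &&
      (k.endsWith('-' + name) || levenshtein(k, name) <= 2));
    if (near) reasons.push('resembles:' + near);
    if (reasons.length) findings.push({ name, reasons });
  }
  return findings;
}

// Constructed package.json dependency map; the last name is hypothetical.
const SAMPLE_DEPS = { 'react': '^18.0.0', 'unused-imports': '^1.0.0',
                      'react-hooks-magic-util': '^2.0.0' };
const REPORT = auditDependencies(SAMPLE_DEPS, name => FAKE_REGISTRY[name]);
console.log(JSON.stringify(REPORT, null, 2));
```

Wire it into a `preinstall` script and fail the install on any finding, so an agent cannot resolve a hallucinated name unsupervised.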
Sources: Cloud Security Alliance · Trend Micro