Hallucinated Package Detector
AI coding assistants invent package names that don't exist — or reference packages so new they're likely malicious. Paste your package.json or requirements.txt and verify every dependency against the live registry.
Why this matters
AI hallucination
ChatGPT, Claude, and Copilot regularly suggest package names that don't exist in any registry. Installing them can pull malicious lookalikes.
Dependency confusion
Attackers register packages with the same name as private internal packages. Your CI/CD installs the malicious public version instead.
Typosquatting
Packages named similarly to popular ones (requets, lodashs) are registered to capture copy-paste mistakes.
Supply chain attacks
A package is at its highest risk in the period just after it is registered. Verifying age catches packages that were created to look legitimate but aren't.
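The checks described above (name missing from the registry, recently created package, near-miss of a popular name), as an added example that is not this tool's own code. The registry snapshot, the popular-name list, the 30-day age threshold and the 0.85 similarity cutoff are assumptions, and the sample dates are constructed so the code runs offline.

```python
import json
import re
from datetime import date
from difflib import get_close_matches

# Constructed snapshot (name -> first-publish date); a live check queries the registry.
REGISTRY = {
    "requests": date(2011, 2, 14),
    "lodash": date(2012, 4, 23),
    "requets": date(2024, 5, 28),
}
POPULAR = ["requests", "lodash", "express", "numpy"]  # assumed reference list

def parse_requirements(text):
    """Return normalized package names from requirements.txt content."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith(("-", "git+", "http://", "https://")):
            continue  # skip options (-r, -e, --index-url) and direct URLs
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            names.append(re.sub(r"[-_.]+", "-", m.group(0)).lower())
    return names

def parse_package_json(text):
    """Return dependency names from package.json content."""
    doc = json.loads(text)
    keys = ("dependencies", "devDependencies", "optionalDependencies")
    return sorted({n for k in keys for n in doc.get(k, {})})

def audit(names, registry, today, min_age_days=30):
    """Map each name to a list of findings; an empty list means no flags."""
    report = {}
    for name in names:
        findings = []
        created = registry.get(name)
        if created is None:
            findings.append("not-in-registry")      # possible hallucinated name
        elif (today - created).days < min_age_days:
            findings.append("new-package")          # inside the high-risk window
        if name not in POPULAR:
            near = get_close_matches(name, POPULAR, n=1, cutoff=0.85)
            findings += ["lookalike-of:" + n for n in near]
        report[name] = findings
    return report
```

A name that is both new and a lookalike, such as the constructed `requets` entry, collects two findings and is the one to review first.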
