Slopsquatting
Slopsquatting is a type of cybersquatting. It is the practice of registering a non-existent software package name that a large language model (LLM) may hallucinate in its output, so that someone may unknowingly copy, paste, and install the software package without realizing it is fake. Attempting to install a non-existent package should result in an error, but some have exploited this for their own gain in a form of typosquatting. The name is a portmanteau of "slop" and "typosquatting".


History

In 2023, security researcher Bar Lanyado noted that LLMs hallucinated a package named "huggingface-cli". While this name is identical to the command used for the command-line version of HuggingFace Hub, it is not the name of the package. The software is correctly installed with the code . Lanyado tested the potential for slopsquatting by uploading an empty package under this hallucinated name. In three months, it had received over 30,000 downloads. The hallucinated package name was also used in the README file of a repository for research conducted by Alibaba. In April 2025, the term was coined by Python Software Foundation Developer-in-Residence and security researcher Seth Larson and popularized by Andrew Nesbitt on Mastodon. In May 2025, the potential and prevalence of slopsquatting was detailed in the academic paper "We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs". Some of the paper's main findings are that 19.7% of the LLM-recommended packages did not exist; open-source models hallucinated far more frequently (21.7% on average, compared to 5.2% for commercial models); CodeLlama 7B and CodeLlama 34B hallucinated in over a third of outputs; and across all models the researchers observed over 205,000 unique hallucinated package names.


Prevention

To avoid being exploited by slopsquatting, package names should be manually verified, and AI-generated code should never be assumed to be real or safe before it is deployed to production environments. Moreover, dependency scanners, lock files, and hash verification pinned to known and trusted package versions can be used.
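The following is an added example, not code from the original article, showing how the lock-file and hash-verification advice above catches a hallucinated name such as the "huggingface-cli" case from the History section. It screens LLM-suggested requirement lines against a snapshot of a trusted index; the index contents, artifact bytes and the suggested lines are all constructed for the example, and in real use the lookup would go to the registry (or an internal mirror) while pip's `--require-hashes` mode enforces the hashes at install time.

```python
import hashlib
import re

# Constructed stand-ins for package artifacts; in practice these are the real sdist/wheel bytes.
ARTIFACT_REQUESTS = b"requests-2.32.0 sdist bytes (constructed)"
ARTIFACT_NUMPY = b"numpy-1.26.4 sdist bytes (constructed)"

# Constructed snapshot of a trusted index: {normalized name: {version: sha256 hex digest}}.
TRUSTED_INDEX = {
    "requests": {"2.32.0": hashlib.sha256(ARTIFACT_REQUESTS).hexdigest()},
    "numpy": {"1.26.4": hashlib.sha256(ARTIFACT_NUMPY).hexdigest()},
}

REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:==\s*(\S+))?\s*(.*)$")
HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-insensitive, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def check_requirement(line: str) -> tuple[str, str]:
    """Classify one requirements.txt line; anything but 'ok' should block installation."""
    m = REQ_RE.match(line)
    if not m:
        return (line.strip(), "unparseable")
    name, version, rest = m.groups()
    pkg = normalize(name)
    if pkg not in TRUSTED_INDEX:  # the name does not exist: a likely hallucination
        return (pkg, "unknown package: possible hallucination, do not install")
    if version is None:
        return (pkg, "not pinned: pin an exact version")
    if version not in TRUSTED_INDEX[pkg]:
        return (pkg, "version not in trusted index")
    hashes = HASH_RE.findall(rest)
    if not hashes:
        return (pkg, "no --hash: artifact cannot be verified")
    if TRUSTED_INDEX[pkg][version] not in hashes:  # pinned name is fine but the artifact differs
        return (pkg, "hash mismatch: artifact differs from trusted version")
    return (pkg, "ok")


def check_requirements(text: str) -> list[tuple[str, str]]:
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    return [check_requirement(l) for l in lines]


# Constructed LLM-suggested requirements: one good pin, one bad hash, one hallucinated name, one unpinned.
LLM_SUGGESTED = f"""
requests==2.32.0 --hash=sha256:{TRUSTED_INDEX['requests']['2.32.0']}
Numpy==1.26.4 --hash=sha256:{'0' * 64}
huggingface-cli
requests
"""

if __name__ == "__main__":
    for pkg, verdict in check_requirements(LLM_SUGGESTED):
        print(f"{pkg:18} {verdict}")
```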


Impact

Feross Aboukhadijeh, CEO of security firm Socket, warns that software engineers who practice vibe coding may be susceptible to slopsquatting, either by using the code without reviewing it or by the AI assistant tool installing the non-existent package itself. There has not yet been a reported case where slopsquatting has been used in a cyberattack.


See also

* Cybersquatting
* Typosquatting
* Prompt injection

