Slopsquatting

Slopsquatting is a type of cybersquatting. It is the practice of registering a non-existent software package name that a large language model (LLM) may hallucinate in its output, so that a user who copies and pastes the generated install command unknowingly installs the attacker's package without realizing the name was fake. Attempting to install a non-existent package would normally fail with an error, but once an attacker has published a package under the hallucinated name the installation succeeds and the attacker's code runs on the victim's machine, in the same way that typosquatting exploits misspelled package names.

In 2023, security researcher Bar Lanyado noted that LLMs hallucinated a package named huggingface-cli. While this name is identical to the command used for the command-line version of HuggingFace Hub, it is not the name of the package; the software is correctly installed with pip install -U "huggingface_hub[cli]". Lanyado tested the potential for slopsquatting by uploading an empty package under the hallucinated name. In three months it had received over 30,000 downloads, and the hallucinated package name also appeared in the README file of a repository for research conducted by Alibaba.

The term was coined in April 2025 by Seth Larson, Python Software Foundation Developer-in-Residence and security researcher, and popularized by Andrew Nesbitt on Mastodon.

To avoid falling victim to slopsquatting, package names in AI-generated code should be manually verified against the official registry, and AI-generated code should never be assumed to be real or safe before it is deployed to a production environment. Dependency scanners, lock files, and hash verification pinned to known and trusted package versions add a second line of defense: an install that only accepts packages whose name and hash appear in the lock file cannot pull in a newly registered package under a hallucinated name. Feross Aboukhadijeh, CEO of the security firm Socket, warns that software engineers practicing vibe coding may be especially susceptible to slopsquatting, either by using the generated code without reviewing it or by letting the AI assistant tool install the non-existent package itself.
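The lock-file and hash-verification mitigation described above, as an added example that is not part of the original page: a small Python script that gates an AI-suggested pip install command against a hash-pinned requirements file in the format pip's --require-hashes mode reads, and then checks a downloaded artifact against the pinned digest. The lock file contents, versions, the second digest and the artifact bytes are all constructed for the example (the digest is not the real huggingface_hub digest), so it runs offline.

```python
import hashlib
import re
import shlex

# Constructed bytes standing in for a downloaded wheel; the lock file below pins
# their digest (assumption for the example, not a real PyPI digest).
ARTIFACT = b"constructed wheel bytes standing in for huggingface_hub-0.23.0.whl"
ARTIFACT_SHA256 = hashlib.sha256(ARTIFACT).hexdigest()

# Constructed lock file in the shape `pip install --require-hashes -r` expects.
# The all-zero digest for requests is a placeholder.
LOCK_FILE = f"""\
huggingface_hub[cli]==0.23.0 \\
    --hash=sha256:{ARTIFACT_SHA256}
requests==2.32.3 \\
    --hash=sha256:{'0' * 64}
"""

# Options whose following token is a value, not a package name.
_OPTS_WITH_ARG = {"-r", "--requirement", "-c", "--constraint", "-i",
                  "--index-url", "--extra-index-url", "-f", "--find-links"}
_SKIP_WORDS = {"pip", "pip3", "python", "python3", "-m", "install", "uv", "pipx"}


def normalize(name):
    """PEP 503 name normalisation: case-insensitive, runs of '-', '_' and '.' become '-'.
    huggingface_hub and Huggingface-Hub compare equal; huggingface-cli does not."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_lock(text):
    """Return {normalized name: {'version': str, 'hashes': set}} from a hash-pinned requirements file.
    Entries must be exactly pinned (==) and carry at least one sha256 hash."""
    logical = text.replace("\\\n", " ")  # join backslash continuations
    lock = {}
    for line in logical.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?==([^\s;]+)$", tokens[0])
        if not m:
            raise ValueError(f"lock entry is not exactly pinned: {tokens[0]}")
        hashes = {t[len("--hash=sha256:"):] for t in tokens[1:] if t.startswith("--hash=sha256:")}
        if not hashes:
            raise ValueError(f"no sha256 hash for {tokens[0]}")
        lock[normalize(m.group(1))] = {"version": m.group(3), "hashes": hashes}
    return lock


def packages_in_install_command(cmd):
    """Extract the distribution names an install command would fetch (extras and version pins dropped)."""
    tokens = iter(shlex.split(cmd))
    names = []
    for tok in tokens:
        if tok in _SKIP_WORDS:
            continue
        if tok in _OPTS_WITH_ARG:
            next(tokens, None)  # swallow the option's value
            continue
        if tok.startswith("-"):
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", tok)
        if m:
            names.append(m.group(1))
    return names


def audit_install(cmd, lock):
    """Map each requested package to 'pinned' (vetted, in the lock file) or 'unpinned' (refuse to install)."""
    return {normalize(n): ("pinned" if normalize(n) in lock else "unpinned")
            for n in packages_in_install_command(cmd)}


def verify_artifact(data, lock_entry):
    """The check pip performs under --require-hashes: downloaded bytes must match a pinned sha256 digest."""
    return hashlib.sha256(data).hexdigest() in lock_entry["hashes"]


if __name__ == "__main__":
    lock = parse_lock(LOCK_FILE)
    # The hallucinated name from the Lanyado experiment is not in the lock file, so it is refused;
    # the real package is pinned, and its artifact digest is checked before anything runs.
    print(audit_install("pip install huggingface-cli", lock))
    print(audit_install('pip install -U "huggingface_hub[cli]"', lock))
    print("artifact ok:", verify_artifact(ARTIFACT, lock["huggingface-hub"]))
    print("tampered ok:", verify_artifact(ARTIFACT + b"x", lock["huggingface-hub"]))
```

The name check is a pre-install gate for a CI job or a pre-commit hook that sees the generated command before pip does; the hash check is what pip itself enforces once the lock file is installed with --require-hashes, so a package registered yesterday under a hallucinated name cannot satisfy either step.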
