Free browser tool

Did your AI assistant just invent that package?

Code assistants recommend dependencies with total confidence, and a surprising share of them do not exist. Attackers register those invented names and wait for the next person to run pip install. Paste your dependencies below and check every one against the real registries before anything touches your machine.

Queries go from your browser straight to npm and PyPI. Nothing else sees your code.

What package hallucination is

Large language models complete patterns. When a pattern calls for a package that handles JWT auth for FastAPI, a model will sometimes produce a plausible name whether or not anyone ever published it. In a 2024 study of 576,000 generated code samples, researchers found that close to one in five recommended packages did not exist, and collected over 200,000 unique invented names. The names repeat across users, which is the dangerous part.

Repeatable phantom names are an attack surface. Someone registers the invented package, fills it with malware, and waits for developers to install exactly what their assistant suggested. The security community calls this slopsquatting, a modern cousin of typosquatting. You do not need to be careless to get hit; you only need to trust a suggestion once.

What the verdicts mean

VerdictMeaning
PHANTOMThe package is not in the registry. If a tool suggested it, the name was likely invented. Never pre-create internal names publicly; a squatter can claim them.
DANGERThe package exists, but it is both a near-miss of a popular name and young or barely downloaded. That combination is the classic squatting profile.
CHECKRegistered recently, rarely downloaded, deprecated, or one edit away from a popular package. Usually fine, worth thirty seconds of review.
OKEstablished package. This says nothing about its quality, only that it is real and not an obvious impostor.

What this tool checks

How to protect yourself beyond this page

Questions people ask

Does my code get uploaded?

No. Parsing happens in your browser, and the only network requests are the package name lookups sent directly to npm and PyPI. You can verify this in the network tab, and the source is small enough to read in one sitting.

My internal company package shows as PHANTOM. Is that a bug?

No, it is the expected result: the tool only sees public registries. It is also a useful prompt to check that your internal name is protected from public registration.

Why is a real package flagged as a lookalike?

Edit distance cannot read intent. Forks and legitimately similar names will occasionally trip the check. The verdict text always says what the similarity is, so you can decide in seconds.

Which ecosystems are supported?

npm and PyPI, which is where the published hallucination research concentrated and where CORS-friendly registry APIs exist. Other ecosystems are on the issue tracker.