NPM Packages Attacks

3 points by carlostkd ↗ HN
You should read this before you install any #npm package. Because the author mentioned the taking advantage of the #AI #hallucinations but forgot that attackers can also "instruct" AIs to make reference to a malicious package

https://blog.gaborkoos.com/posts/2026-05-29-How-to-Evaluate-an-npm-Package-2026-Edition/?utm_source=reddit&utm_medium=social&utm_campaign=how-to-evaluate-an-npm-package-2026-edition&utm_content=r_netsec

#infosec #cybersecurity #ethicalhacking #news #privacy

2 comments

[ 3.0 ms ] story [ 12.8 ms ] thread
Article and this post seems to be AI generated… but this is a good quote

> AI coding assistants hallucinate package names. They confidently suggest npm install some-plausible-sounding-package for packages that do not exist. Attackers monitor those hallucinations and register the names - a technique now called slopsquatting

Slopsquatting is a hilarious name for this