Catch AI-hallucinated (slopsquatted) npm imports in generated code BEFORE npm install. Scans a code block, flags imports of packages that don't exist on npm (the name an LLM invented and attackers register with malware) plus fresh lookalike squats. MCP se
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
Catch AI-hallucinated (slopsquatted) npm imports in generated code BEFORE npm install. Scans a code block, flags imports of packages that don't exist on npm (the name an LLM invented and attackers register with malware) plus fresh lookalike squats. MCP se