Skip to main content

Local-first scanner for hallucinated and typosquatted package imports.

Project description

Holster Scan v0

Local-first scanner for AI-hallucinated, typosquatted, and slopsquatted package imports.

This v0 is the packaged form of the validated probe-a-slopsquat detector. It is not generic SAST, dependency vulnerability scanning, or license analysis. It is meant to catch package names that look like LLM-invented helper libraries, typo-near-misses of popular packages, or suspicious namespace/package-family abuse before they land in a repo or CI run.

What It Catches

  • Typos near popular packages, such as reqeusts, numppy, or pytoch.
  • LLM-style invented helpers, such as numpy-utils, openai-tools, or langchain-utils.
  • Suspicious namespace/package-family names near popular Python and JavaScript packages.
  • Published but stale/abandoned look-alikes when the PyPI registry and maintenance oracle can confirm they are not actively maintained.

What It Does Not Do

  • It does not replace Snyk, Semgrep, Bandit, CodeQL, pip-audit, or npm audit.
  • It does not prove a package is safe.
  • It does not phone home or send telemetry.
  • It does not query npm in v0. JavaScript/TypeScript scanning uses the name-pattern tier and declared dependency parsing only.

Install

pip install -e .

The package and CLI name are locked as holster-scan.

CLI Usage

holster-scan <path>
holster-scan <path> --format json
holster-scan <path> --format sarif > holster-scan.sarif
holster-scan <path> --fail-on medium
holster-scan <path> --offline

holster-scan scan <path> is also accepted for CI/action compatibility.

Exit codes:

  • 0: no findings at or above the configured fail threshold.
  • 1: findings at or above the configured fail threshold.
  • 2: CLI usage/path error.

Config

Create .holster.yml at the repo root:

allow:
  - torch_mlu
  - torch_musa
  - tree
  - transformers_old
  - internal_*
fail_on: high
registry: on

allow accepts names or shell-style globs. This is the v0 escape hatch for private indexes, vendor-index hardware backends, internal packages, and import-name-to-distribution gaps.

registry: off disables live PyPI existence/maintenance checks. --offline does the same for a single CLI run.

Offline behavior is intentionally conservative: unknown existence is not silently suppressed.

GitHub Action

Use this repository as an action after checkout:

name: Holster Scan

on:
  pull_request:
  push:

jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: OWNER/REPO@v0
        with:
          path: "."
          fail-on: "high"
          upload-sarif: "true"

For a local repo checkout during development, install and run:

pip install -e .
holster-scan . --format sarif > holster-scan.sarif

Network Behavior

Python scanning can use PyPI JSON as a registry oracle:

  • confirmed exists: suppresses real-but-undeclared packages unless a stronger stale/confusable rule applies.
  • confirmed 404: keeps the package eligible for flagging.
  • unknown/network error/offline: does not suppress.

JavaScript/TypeScript scanning does not query npm in v0. It extracts import, export ... from, dynamic import(), and require() package names, reads package.json plus package-lock.json, and applies the same name-pattern detector with registry lookups disabled for that ecosystem.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

holster_scan-0.0.1.tar.gz (21.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

holster_scan-0.0.1-py3-none-any.whl (19.3 kB view details)

Uploaded Python 3

File details

Details for the file holster_scan-0.0.1.tar.gz.

File metadata

  • Download URL: holster_scan-0.0.1.tar.gz
  • Upload date:
  • Size: 21.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for holster_scan-0.0.1.tar.gz
Algorithm Hash digest
SHA256 65023b54be234f5f5bad8b8d9ea1c22ffdf081cc8a337f1fceee2765f7c63390
MD5 cd5f9991a430ee5a6d91658acf2b1b6f
BLAKE2b-256 82a362d63a138c6618454632b2dfb02b3da86861e292cde550f151e291de08b4

See more details on using hashes here.

File details

Details for the file holster_scan-0.0.1-py3-none-any.whl.

File metadata

  • Download URL: holster_scan-0.0.1-py3-none-any.whl
  • Upload date:
  • Size: 19.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for holster_scan-0.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 9bc0231e9ea530aaf0f7211368b256ae55dd4b58cd84f308ec515d55b8351748
MD5 1df136a5410137e88845c32f2cfc6fd9
BLAKE2b-256 60aa097a6f5523056a62e846e258bab69e88e76956c21a1398b1753894098fc8

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page