Local-first scanner for hallucinated and typosquatted package imports.
Project description
Holster Scan v0
Local-first scanner for AI-hallucinated, typosquatted, and slopsquatted package imports.
This v0 is the packaged form of the validated probe-a-slopsquat detector. It is not generic SAST, dependency vulnerability scanning, or license analysis. It is meant to catch package names that look like LLM-invented helper libraries, typo-near-misses of popular packages, or suspicious namespace/package-family abuse before they land in a repo or CI run.
What It Catches
- Typos near popular packages, such as
reqeusts,numppy, orpytoch. - LLM-style invented helpers, such as
numpy-utils,openai-tools, orlangchain-utils. - Suspicious namespace/package-family names near popular Python and JavaScript packages.
- Published but stale/abandoned look-alikes when the PyPI registry and maintenance oracle can confirm they are not actively maintained.
What It Does Not Do
- It does not replace Snyk, Semgrep, Bandit, CodeQL, pip-audit, or npm audit.
- It does not prove a package is safe.
- It does not phone home or send telemetry.
- It does not query npm in v0. JavaScript/TypeScript scanning uses the name-pattern tier and declared dependency parsing only.
Install
pip install -e .
The package and CLI name are locked as holster-scan.
CLI Usage
holster-scan <path>
holster-scan <path> --format json
holster-scan <path> --format sarif > holster-scan.sarif
holster-scan <path> --fail-on medium
holster-scan <path> --offline
holster-scan scan <path> is also accepted for CI/action compatibility.
Exit codes:
0: no findings at or above the configured fail threshold.1: findings at or above the configured fail threshold.2: CLI usage/path error.
Config
Create .holster.yml at the repo root:
allow:
- torch_mlu
- torch_musa
- tree
- transformers_old
- internal_*
fail_on: high
registry: on
allow accepts names or shell-style globs. This is the v0 escape hatch for private indexes, vendor-index hardware backends, internal packages, and import-name-to-distribution gaps.
registry: off disables live PyPI existence/maintenance checks. --offline does the same for a single CLI run.
Offline behavior is intentionally conservative: unknown existence is not silently suppressed.
GitHub Action
Use this repository as an action after checkout:
name: Holster Scan
on:
pull_request:
push:
jobs:
scan:
runs-on: ubuntu-latest
permissions:
security-events: write
contents: read
steps:
- uses: actions/checkout@v4
- uses: OWNER/REPO@v0
with:
path: "."
fail-on: "high"
upload-sarif: "true"
For a local repo checkout during development, install and run:
pip install -e .
holster-scan . --format sarif > holster-scan.sarif
Network Behavior
Python scanning can use PyPI JSON as a registry oracle:
- confirmed exists: suppresses real-but-undeclared packages unless a stronger stale/confusable rule applies.
- confirmed 404: keeps the package eligible for flagging.
- unknown/network error/offline: does not suppress.
JavaScript/TypeScript scanning does not query npm in v0. It extracts import, export ... from, dynamic import(), and require() package names, reads package.json plus package-lock.json, and applies the same name-pattern detector with registry lookups disabled for that ecosystem.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file holster_scan-0.0.1.tar.gz.
File metadata
- Download URL: holster_scan-0.0.1.tar.gz
- Upload date:
- Size: 21.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
65023b54be234f5f5bad8b8d9ea1c22ffdf081cc8a337f1fceee2765f7c63390
|
|
| MD5 |
cd5f9991a430ee5a6d91658acf2b1b6f
|
|
| BLAKE2b-256 |
82a362d63a138c6618454632b2dfb02b3da86861e292cde550f151e291de08b4
|
File details
Details for the file holster_scan-0.0.1-py3-none-any.whl.
File metadata
- Download URL: holster_scan-0.0.1-py3-none-any.whl
- Upload date:
- Size: 19.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9bc0231e9ea530aaf0f7211368b256ae55dd4b58cd84f308ec515d55b8351748
|
|
| MD5 |
1df136a5410137e88845c32f2cfc6fd9
|
|
| BLAKE2b-256 |
60aa097a6f5523056a62e846e258bab69e88e76956c21a1398b1753894098fc8
|