A Python package that detects and warns against slopsquatted or suspicious import statements in code, helping developers avoid accidentally using malicious or mistyped packages suggested by LLMs or found in legacy code.
Project description
slopsquat-detector is a Python package that helps detect fake, incorrect, or suspicious Python package imports. These may come from typos, hallucinated names generated by AI LLMS and tools like ChatGPT or Copilot, or from packages designed to trick users. This tool checks if the packages you are using actually exist on PyPI. If any package is missing, it flags it as potentially fake or unsafe. This can help prevent you from installing malicious or useless code.
Why use it?
- Flags hallucinated imports generated by AI tools
- Detects typos in package names
- Catches fake or non-existent packages before installation
- Protects against supply chain attacks and slopsquatting
- Works with
.pyscripts,requirements.txtfiles, and.ipynbnotebooks
How to install using pip
- Python 3.6 or higher
- pip (Python package installer)
Installation
You can install slopsquat-detector using pip. Make sure you have Python and pip installed on your system.
pip install slopsquat-detector
This will install the slopsquat command-line tool on your system.
How to install locally
To install the tool from source, first clone the repository:
git clone https://github.com/prashantpandeygit/slopsquat cd slopsquat Then install it using pip: pip install .
How to use
You can run slopsquat-detector from the terminal and give it a file to scan. Supported files include:
requirements.txt- Python files (
.py) - Jupyter notebooks (
.ipynb)
Examples
To check a requirements file: slopsquat requirements.txt
To check a Python script: slopsquat script.py
To check a notebook: slopsquat notebook.ipynb
The tool will show which packages exist and which are missing from PyPI. Missing packages are likely typos, hallucinations, or slopsquats.
License
This project is open source and licensed under the MIT License. See the LICENSE file for details.
Author
Prashant Pandey
Email: prashantpandeyiuet@gmail.com
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file slopsquat_detector-0.2.tar.gz.
File metadata
- Download URL: slopsquat_detector-0.2.tar.gz
- Upload date:
- Size: 4.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7d74b9959aa3baf709db898079fc0a3f007b761e7baa084b4d906ea5c0f7d77e
|
|
| MD5 |
e6562223bc2697b9dcde127494ca593e
|
|
| BLAKE2b-256 |
f77c9cd11091d2234fbfba999a78fbf5ce071def0dc7d8f49eab9126c2c72097
|
File details
Details for the file slopsquat_detector-0.2-py3-none-any.whl.
File metadata
- Download URL: slopsquat_detector-0.2-py3-none-any.whl
- Upload date:
- Size: 3.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e949eb79ea535850b6a462d5c29270717796a8aa1814dcd5c7f4c0b9c947a715
|
|
| MD5 |
fc51708fa4ad77041b0113e1df8582df
|
|
| BLAKE2b-256 |
4b8847a078ef32d894f49b40d94fa0ba05d65bd2044ee7fdaa1a1bc495ccf4a2
|
