NPM Packages Attacks
2 points
6 hours ago
| 1 comment
| HN
You should read this before you install any #npm package. Because the author mentioned the taking advantage of the #AI #hallucinations but forgot that attackers can also "instruct" AIs to make reference to a malicious package

https://blog.gaborkoos.com/posts/2026-05-29-How-to-Evaluate-an-npm-Package-2026-Edition/?utm_source=reddit&utm_medium=social&utm_campaign=how-to-evaluate-an-npm-package-2026-edition&utm_content=r_netsec

#infosec #cybersecurity #ethicalhacking #news #privacy

â–²
gitgud
4 hours ago
[-]
Article and this post seems to be AI generated… but this is a good quote

> AI coding assistants hallucinate package names. They confidently suggest npm install some-plausible-sounding-package for packages that do not exist. Attackers monitor those hallucinations and register the names - a technique now called slopsquatting

Slopsquatting is a hilarious name for this

reply