Slopsquatting in Python: What 205,474 Hallucinated Package Names Mean for Your Supply Chain

Your AI coding assistant wrote this line: from huggingface_cli import login It looks fine. It looks like something that should exist. You run pip install huggingface-cli, the install succeeds, your tests pass, and you merge. In March 2024, that exact package was a proof-of-concept attack by Bar Lanyado at Lasso Security. He'd noticed GPT-based assistants repeatedly recommending huggingface-cli to developers - a package that didn't exist on PyPI. He registered an empty placeholder package under that name and waited. Three months later, it had been downloaded over 30,000 times.