Dependency Guard — AI Package Safety Check
Pricing
from $30.00 / 1,000 results
Dependency Guard — AI Package Safety Check
Catch the fake, malicious and typosquatted packages your AI told you to install — before they ship.
Pricing
from $30.00 / 1,000 results
Rating
0.0
(0)
Developer
Laurent Ferrenti
Maintained by CommunityActor stats
0
Bookmarked
1
Total users
0
Monthly active users
13 days ago
Last modified
Categories
Share
Dependency Guard 🛡️
Catch the fake and malicious packages your AI told you to install.
AI assistants hallucinate package names that don't exist — and attackers register those names with malware ("slopsquatting"). Dependency Guard checks every dependency in your project against real package registries, known-malware advisories, and a maintained list of AI-hallucinated names, then tells you in plain English what's safe and what to delete.
Who is this for?
- Vibe coders & non-technical builders — you didn't write it, we'll vet it
- AI coding agents (via MCP) — verify a package BEFORE you install it
- Bootcamps & learners — a safety net against copy-paste malware
- Small teams & freelancers — real checks, no enterprise price
What you get (per package)
Name, whether it actually exists, a 0-100 Risk Score, the reason (hallucinated / malicious / typosquat / suspicious), the closest legit package you probably meant, and a plain-English recommendation.
It knows the difference that matters
A pure-malware package (lodash-utils, 2 downloads/week) is flagged DANGER.
A mainstream package where only one version was ever compromised (axios,
110M downloads/week) gets a calm "make sure you're not on the affected version"
— not a false alarm. That distinction is the whole product.
Example
Paste your package.json → 7 packages checked → lodash-utils and
unused-imports are malware, expres is a typo of express, the rest are fine.
Fix them before you ship. Verdict: DANGER.
Why this matters in 2026
AI writes ~41% of all code, and slopsquatting is a real, growing supply-chain
attack: huggingface-cli (an AI hallucination) got 30,000 downloads;
react-codeshift spread through 237 repos. One bad install = one breach.
Inputs
Paste a package.json, requirements.txt or pyproject.toml, give a list of
package names, or point it at a public GitHub repo. npm and PyPI supported.
MCP-ready
Use it from Claude, Cursor or any MCP client: "Before you install anything, check it with Dependency Guard."
Pricing
Pay per scan. A typical project costs a few cents. No subscription.
Need something custom?
Need a custom scraper, MCP server or AI agent? We build them. → [SLING Studio — get a quote]


