Sentinel-AIDetect AI hallucinated packages & npm vulnerabilities

A CLI tool to catch slopsquatting, shadow code, and supply-chain risks in your JavaScript/TypeScript projects.

🕵️

AI Hallucination Detection

Catches imports of packages that don't exist on npm — AI slopsquatting prevention.

📦

Flags packages used in code but missing from package.json — dead or smuggled imports.

🔍

Queries the OSV database (batch API) for all packages including transitive deps.

⏳

Flags packages published less than 72 hours ago — heuristic for supply-chain attacks.

☢️

MAL- entries from the advisory database get a prominent [MALICIOUS] badge.

🧩

Reads package-lock.json to scan deep dependencies — shows origin for each transitive vuln.

🎯

Detects packages with names suspiciously similar to popular npm packages — catches lodah vs lodash.