veto_dep_verify
Verify package names against npm, PyPI, or crates.io registries to detect hallucinated dependencies, typosquatting, and slopsquatting risks before installation.
Instructions
Dependency-hallucination guard: verifies proposed package names against the live registry (npm, PyPI, crates.io) BEFORE install. Checks existence, age, monthly downloads, version history, deprecation, and typo-distance from popular packages. Catches hallucinated names and slopsquatting/typosquat risks. Call this whenever an AI suggests installing a package you have not used before.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| packages | Yes | Package names to verify, e.g. ["axios", "left-pad"]. | |
| ecosystem | No | Registry to check: 'npm' (default), 'pypi', or 'crates'. | npm |
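The checks listed under Instructions (existence, age, monthly downloads, version history, deprecation, typo-distance) can be combined into a single pre-install gate. The sketch below is an added example, not the code of veto_dep_verify. The thresholds, the `POPULAR` list, the metadata field names and the sample records are all assumptions, constructed so that it runs offline.

```python
from datetime import datetime, timezone

# Assumed reference list and thresholds; tune them for your own policy.
POPULAR = ["requests", "numpy", "pandas", "axios", "express", "lodash", "serde"]
MIN_AGE_DAYS, MIN_DOWNLOADS, MIN_VERSIONS, MAX_DISTANCE = 90, 1000, 3, 2

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(name, meta, now):
    """Return findings for one package; meta is None if the registry lacks it."""
    if meta is None:
        return ["not found in registry: possibly hallucinated, do not install"]
    findings = []
    norm = name.lower().replace("_", "-")
    for known in POPULAR:
        d = edit_distance(norm, known)
        if 0 < d <= MAX_DISTANCE:  # close to, but not equal to, a popular name
            findings.append(f"typo-distance {d} from '{known}'")
    age = (now - datetime.fromisoformat(meta["created"])).days
    if age < MIN_AGE_DAYS:
        findings.append(f"only {age} days old")
    if meta["monthly_downloads"] < MIN_DOWNLOADS:
        findings.append(f"{meta['monthly_downloads']} downloads/month")
    if meta["versions"] < MIN_VERSIONS:
        findings.append(f"{meta['versions']} published version(s)")
    if meta["deprecated"]:
        findings.append("marked deprecated")
    return findings

# Constructed metadata standing in for registry responses (all values invented).
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)
SAMPLE = {
    "requests": {"created": "2012-01-01T00:00:00+00:00", "monthly_downloads": 900000,
                 "versions": 120, "deprecated": False},
    "reqeusts": {"created": "2025-01-05T00:00:00+00:00", "monthly_downloads": 40,
                 "versions": 1, "deprecated": False},
    "fastjson-validatorx": None,  # stands for a registry "not found" answer
}

if __name__ == "__main__":
    for pkg, meta in SAMPLE.items():
        print(pkg, "->", assess(pkg, meta, NOW) or "no findings")
```

A name that exists but is days old, rarely downloaded and one or two edits away from a popular package is the typosquat/slopsquat pattern, so an empty findings list is the only result that should pass the gate unreviewed.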