sbom_check_hallucinations
Detect hallucinated package names in SBOMs by verifying each package against official registries. Supports npm, PyPI, RubyGems, and more.
Instructions
Check all packages in an SBOM against official registries to detect hallucinated (AI-invented) package names. Supports npm, pypi, rubygems, dart, perl, raku, crates. Go and Java packages are marked as unsupported.
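The check described above, sketched as an added example (not this tool's own code): it reads CycloneDX components, derives the ecosystem and registry name from each purl, and sorts packages into verified, missing, unsupported and unparsed. The function names, the purl-type mapping (covering four of the listed registries) and the injected `exists` lookup are assumptions of the example, and the sample SBOM and registry contents are constructed.

```python
import json
import re
from urllib.parse import unquote

# purl type -> ecosystem label (mapping assumed for this example).
SUPPORTED = {"npm": "npm", "pypi": "pypi", "gem": "rubygems", "cargo": "crates"}
UNSUPPORTED = {"golang": "go", "maven": "java"}

def parse_purl(purl):
    """Return (purl_type, name) from a package URL, or None if unusable."""
    if not purl or not purl.startswith("pkg:"):
        return None
    rest = purl[4:].split("#", 1)[0].split("?", 1)[0]  # drop subpath, qualifiers
    ptype, _, path = rest.partition("/")
    at = path.rfind("@")  # version separator; index 0 would be a raw npm scope
    path = path[:at] if at > 0 else path
    name = unquote(path).strip("/")
    if ptype.lower() == "pypi":  # PEP 503 name normalisation
        name = re.sub(r"[-_.]+", "-", name).lower()
    return (ptype.lower(), name) if name else None

def check_sbom(sbom, exists):
    """Classify CycloneDX components; exists(ecosystem, name) queries a registry."""
    report = {"verified": [], "missing": [], "unsupported": [], "unparsed": []}
    for comp in sbom.get("components", []):
        parsed = parse_purl(comp.get("purl"))
        if parsed is None:
            report["unparsed"].append(comp.get("name", "?"))
        elif parsed[0] in SUPPORTED:
            eco, name = SUPPORTED[parsed[0]], parsed[1]
            key = "verified" if exists(eco, name) else "missing"
            report[key].append(f"{eco}:{name}")
        else:
            report["unsupported"].append(f"{UNSUPPORTED.get(parsed[0], parsed[0])}:{parsed[1]}")
    return report

# Constructed sample data: this SBOM and registry content are made up.
SAMPLE_SBOM = json.loads("""{"bomFormat": "CycloneDX", "components": [
  {"name": "Requests", "purl": "pkg:pypi/Requests@2.31.0"},
  {"name": "@scope/widget", "purl": "pkg:npm/%40scope/widget@1.2.0"},
  {"name": "example-invented-pkg", "purl": "pkg:npm/example-invented-pkg@0.0.1"},
  {"name": "example.com/mod", "purl": "pkg:golang/example.com/mod@v1.0.0"},
  {"name": "vendored-blob"}]}""")
FAKE_REGISTRY = {("pypi", "requests"), ("npm", "@scope/widget")}
def fake_exists(ecosystem, name):
    return (ecosystem, name) in FAKE_REGISTRY

if __name__ == "__main__":
    print(json.dumps(check_sbom(SAMPLE_SBOM, fake_exists), indent=2))
```

A name reported as missing is the one to review before install, since an unregistered name suggested by an AI assistant can later be claimed by someone else.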
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| sbom_path | No | Path to existing SBOM file | |
| verbosity | No | Response detail level (default: compact) | |
| directory_path | No | Path to project root (generates fresh SBOM) | |