How to Protect Your Software Supply Chain from AI-Generated Package Risks
“Vibe coding”, developers using AI assistants to churn out code quickly from prompts, is the new thing. While generally helpful, these tools can suggest packages that don’t actually exist or that have been “slopsquatted” (named to mimic legitimate ones). This supply chain security risk can let vulnerabilities or malware into your codebase and cost your organization tens or even hundreds of thousands in recovery. These issues aren’t rare either: about 5.2% of AI-recommended packages don’t even exist.
To get around these risks, organizations need a way to control which packages are allowed in production. A Centrally Managed Package Repository with an approval process is a solid way to make sure only vetted packages hit production. Devs can still use AI to speed things up, but won’t risk introducing malicious packages.
In this article, I’ll talk about the rise of “hallucinated” and slopsquatted packages, and how private repositories and approval workflows can act as safety nets for your dev process. This setup will allow AI tools to increase productivity without the security risks that lead to six-figure headaches.
AI-Driven Package Threats
AI coding assistants may suggest packages that don’t exist or that have been “slopsquatted”: attackers register fake packages on registries like PyPI and npm under the names AI tools are likely to hallucinate, counting on AI tools (and the developers following them) to confuse the fakes with legitimate packages. Such packages can deliver malware, steal data, or create backdoors in dev environments. For example, the “slopsquatted” package @async-mutex/mutex recently tricked developers after appearing in Google’s AI Overview, showing how easily these packages sneak into software supply chains by exploiting trust in AI.
Devs these days often embrace “vibe coding”, using AI assistants to churn out code quickly from prompts. While “vibe coding” itself isn’t necessarily a bad thing, blindly following AI suggestions can lead to trouble. The risk is that devs accidentally grab “slopsquatted” packages that AI tools make look completely legitimate, letting vulnerabilities into projects that then trigger data breaches, steal credentials, or hijack systems.
The volume of packages suggested by AI tools is too high for traditional manual review processes to keep up, leaving teams more likely to miss fake or slopsquatted packages. Organizations need automated guardrails that can review, filter, and approve packages at scale. Creating centralized repositories and approval workflows using tools like ProGet can help make AI-assisted development safer and smarter by enforcing package standards automatically.
Centralized Repos and Package Approval: A Safety Net for AI Suggestions
Centralized package repositories help block fake and risky packages suggested by AI. By centralizing package management in a private repository, teams can make sure only vetted packages are used in production: every package is reviewed and approved before it is available, so slopsquatted ones can’t sneak in. Developers are still free to let AI tools suggest packages, but can only install the ones that have been approved.
Creating an approval workflow adds an extra layer of safety. Packages are first pulled into an “unapproved” feed from public registries. These packages are reviewed for quality and safety. Once approved, they are promoted into a separate “approved” feed that developers use in production. This makes sure that only trusted packages make it through.

Tools like ProGet let you manage private repos and set up approval workflows, letting your dev teams safely use AI-generated code without worrying that an unvetted package will reach production. Plus, it works smoothly with your existing CI/CD setup, so it’s easy to roll out and scale.
Creating a Package Approval Workflow with ProGet
Creating a package approval flow using ProGet’s package promotion feature is pretty straightforward, and puts you in control of what makes it into production. Start by creating two feeds:
- An Unapproved Feed, which acts as a staging area for new or requested packages.
- An Approved Feed, the only source developers can pull from in their projects.
You’ll want to “connect” the unapproved feed to a public registry like npmjs.org or pypi.org. This will populate the feed with remote packages that can be downloaded through ProGet and made available to devs once approved.

After reviewing a package for quality and security, you can “promote” it to the Approved Feed. Only then will it become available for developers to use. The Unapproved Feed is admin-only, so any hallucinated packages suggested by AI tools never reach developers without your approval. This way, developers can still move quickly with AI assistance, but within a controlled and secure workflow you manage.
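The two-feed workflow above only protects you if nothing outside the Approved Feed can reach a build, and the earlier point stands that AI tools suggest far more packages than a human can review by hand. The following script is an added example (it is not ProGet’s code and uses none of its APIs); it gates a project’s dependency manifests against an inventory of the approved feed, which you would export from your package server but which is constructed sample data here. Everything not in the inventory is blocked, and names that closely resemble an approved package, including scoped npm names that reuse a real package name as the scope, are called out as likely slopsquats so a reviewer can look at them first. The requirements.txt and package.json bodies, the approved lists and the typo “reqeusts” are all made up for the example; @async-mutex/mutex is the name from the article.

```python
"""Gate dependency manifests against an approved-feed inventory.

Added example for this article; not ProGet's code or API. The approved
inventories and the manifests below are constructed sample data.
"""
import json
import re
from difflib import SequenceMatcher

# Constructed stand-in for the contents of the approved feeds. In a real
# pipeline you would export this list from your package server.
APPROVED_PYPI = {"requests", "flask", "sqlalchemy", "pyyaml"}
APPROVED_NPM = {"express", "lodash", "async-mutex", "@types/node"}

# Constructed manifests. "reqeusts" is a made-up typo; "@async-mutex/mutex"
# is the slopsquatted name mentioned in the article.
REQUIREMENTS_TXT = """
requests>=2.31   # pinned elsewhere
Flask
PyYAML==6.0
reqeusts
totally-made-up-pkg
"""
PACKAGE_JSON = json.dumps({
    "dependencies": {"express": "^4", "@async-mutex/mutex": "^1", "lodash": "^4"},
    "devDependencies": {"@types/node": "^20"},
})

REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize_pypi(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Return normalized project names from a requirements.txt body."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks and pip options
            continue
        match = REQ_NAME.match(line)
        if match:
            names.append(normalize_pypi(match.group(1)))
    return names


def parse_package_json(text):
    """Return lowercased names from dependencies and devDependencies."""
    data = json.loads(text)
    names = []
    for section in ("dependencies", "devDependencies"):
        names.extend(n.lower() for n in data.get(section, {}))
    return names


def comparison_forms(name):
    """Strings compared against the approved list. A scoped npm name
    "@scope/pkg" is also compared as "scope", "pkg" and "scope-pkg",
    because slopsquats often borrow a real package name as the scope."""
    forms = {name}
    if name.startswith("@") and "/" in name:
        scope, pkg = name[1:].split("/", 1)
        forms.update({scope, pkg, f"{scope}-{pkg}"})
    return forms


def closest_approved(name, approved):
    """Best-matching approved name and its similarity ratio (0..1)."""
    best, best_ratio = None, 0.0
    for form in comparison_forms(name):
        for candidate in approved:
            ratio = SequenceMatcher(None, form, candidate).ratio()
            if ratio > best_ratio:
                best, best_ratio = candidate, ratio
    return best, best_ratio


def check(names, approved, lookalike_threshold=0.8):
    """Map each name to 'approved', 'lookalike of <name>' or 'unapproved'."""
    verdicts = {}
    for name in names:
        if name in approved:
            verdicts[name] = "approved"
            continue
        best, ratio = closest_approved(name, approved)
        if best is not None and ratio >= lookalike_threshold:
            verdicts[name] = f"lookalike of {best}"
        else:
            verdicts[name] = "unapproved"
    return verdicts


def blocked(verdicts):
    """Names that must not be installed: anything not in the approved feed."""
    return sorted(n for n, v in verdicts.items() if v != "approved")


if __name__ == "__main__":
    for label, names, approved in (
        ("PyPI", parse_requirements(REQUIREMENTS_TXT), APPROVED_PYPI),
        ("npm", parse_package_json(PACKAGE_JSON), APPROVED_NPM),
    ):
        verdicts = check(names, approved)
        for name, verdict in verdicts.items():
            print(f"{label}: {name}: {verdict}")
        if blocked(verdicts):
            print(f"{label}: build should fail, blocked: {blocked(verdicts)}")
```

Run it as a CI step that fails the build when `blocked()` returns anything, and pair it with client configuration so the check can’t be bypassed: point `pip config set global.index-url` and `npm config set registry` at the Approved Feed only, so even a developer who skips the script cannot install from the public registry directly.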

You can find a more detailed breakdown in the How To: Approve and Promote Open-Source Packages guide. There’s also a 3-minute video that breaks it down:
Avoid the Risk of Slopsquatting with a Package Approval Flow
As AI tools and “vibe coding” gain ground, so do the risks of hallucinated or slopsquatted packages, which lead to problems like malware infections and legal or compliance issues. While AI coding tools are valuable, they need a safety layer, especially when it comes to managing dependencies.
By combining a private repository with a robust approval workflow using package promotion in ProGet, you can prevent unapproved packages from making it into your systems. Let AI generate code quickly, while protecting your software supply chain.
Secure your software supply chain today! Package promotion is a paid feature available in ProGet. Download and start your free trial of ProGet Basic, and see how easy it is to block risky packages while enabling safe, AI-powered development.