slopwatch
Version updated for https://github.com/loicguillois/slopwatch to version v0.2.1.
- This action is used across all versions by ? repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The slopwatch GitHub Action is a security tool designed to detect slopsquatting attacks, in which malicious actors register package names that AI coding assistants hallucinate, so that a developer who installs the suggested dependency pulls the attacker's package instead. It automates the scanning of dependency files (e.g., package.json or requirements.txt) and evaluates each listed package using a trust model based on metadata analysis, assigning scores that identify suspicious or potentially harmful packages. By flagging and prioritizing packages for review, the action helps secure the software supply chain against malicious dependencies entering a build.
Release notes
Full Changelog: https://github.com/loicguillois/slopwatch/compare/v0...v0.2.1