Below you will find pages that utilize the taxonomy term “loicguillois”
March 2, 2026
slopwatch
Version updated for https://github.com/loicguillois/slopwatch to version v0.2.1.
This action is used across all versions by ? repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The slopwatch GitHub Action is a security tool designed to detect slopsquatting attacks, where malicious actors register AI-hallucinated package names to exploit dependency installations. It automates the scanning of dependency files (e.g., package.json or requirements.
March 2, 2026
slopwatch
Version updated for https://github.com/loicguillois/slopwatch to version v0.1.0.
This action is used across all versions by ? repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The GitHub Action “slopwatch” is designed to detect and mitigate slopsquatting attacks, where malicious actors register fake packages (often AI-hallucinated names) in dependency registries like npm and PyPI. It automates the scanning of dependency files and evaluates packages using a trust model based on metadata, identifying suspicious or potentially malicious packages to safeguard against supply-chain vulnerabilities.