VBS-2026-0003 | CRITICAL | CVSS 9.3 | CWE-1357

Large language models frequently invent npm package names that sound plausible but do not exist. Attackers monitor code-sharing platforms, AI forums, and public repositories for these non-existent names, then register malicious packages with identical names. The malicious package runs arbitrary code during npm install with full filesystem access.

// LLM suggested this package - it doesn't exist on npm:
import { useFormValidator } from 'react-form-validation-handler'
// Attacker registers 'react-form-validation-handler' with:
// package.json postinstall: "node steal-credentials.js"

Before running npm install, verify every package on npmjs.com. Use PolyDefender's Dependency Hallucination module to cross-reference all imports against the npm registry.
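
One way to script the pre-install check described above, as an added example (not PolyDefender's code and not part of the original entry): it lists imports that package.json does not declare, and the install-time scripts in a package's manifest. Function names, the built-in list and all sample data are assumptions constructed for illustration.

```javascript
// Added example; function names and sample data are constructed for illustration.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall']; // run during npm install
// Partial list of Node.js built-ins (assumption: extend it for your code base).
const BUILTINS = new Set(['fs', 'path', 'http', 'https', 'crypto', 'os', 'url', 'util', 'child_process']);

// Reduce an import specifier to a registry package name; null for relative paths and built-ins.
function packageName(spec) {
  if (/^(\.|\/|node:)/.test(spec) || BUILTINS.has(spec.split('/')[0])) return null;
  const parts = spec.split('/');
  return spec.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

// Heuristic regex scan for ES imports, dynamic import() and require() with string literals.
function importedPackages(source) {
  const re = /(?:\bfrom\s*|\bimport\s*\(?\s*|\brequire\s*\(\s*)['"]([^'"]+)['"]/g;
  const names = new Set();
  for (const m of source.matchAll(re)) {
    const name = packageName(m[1]);
    if (name) names.add(name);
  }
  return [...names].sort();
}

// Imports that package.json does not declare: verify each on npmjs.com before installing.
function undeclaredImports(source, manifest) {
  const declared = new Set(Object.keys({
    ...manifest.dependencies, ...manifest.devDependencies, ...manifest.peerDependencies,
  }));
  return importedPackages(source).filter((n) => !declared.has(n));
}

// Lifecycle scripts in a package's own package.json that execute during npm install.
function installHooks(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS.filter((h) => h in scripts).map((h) => `${h}: ${scripts[h]}`);
}

// Constructed sample input: source as an LLM might produce it, and the app's manifest.
const sampleSource = `
import React from 'react';
import { useFormValidator } from 'react-form-validation-handler';
import fs from 'node:fs';
import helper from './lib/helper.js';
const parser = require('@babel/parser/lib/index');
`;
const sampleManifest = { dependencies: { react: '^18.0.0' }, devDependencies: { '@babel/parser': '^7.0.0' } };
// Constructed manifest of a suspect package, mirroring the postinstall example above.
const suspectManifest = { name: 'react-form-validation-handler', scripts: { postinstall: 'node steal-credentials.js' } };
console.log(undeclaredImports(sampleSource, sampleManifest), installHooks(suspectManifest));
```

A name that resolves on npmjs.com is not thereby legitimate, since the attack consists of registering the hallucinated name; treat every undeclared import as unreviewed until its publisher and install scripts have been checked.
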
How do I check if my Node.js + React app is affected by "AI-hallucinated npm package name enables supply chain attack"?
Large language models frequently invent npm package names that sound plausible but do not exist. Search your codebase for Node.js, React, Next.js, Express patterns and verify the remediation has been applied. This is rated CVSS 9.3 — treat it as a live incident if your app is already in production.
Why do ChatGPT and Claude generate code with CWE-1357 (critical severity)?
Large language models frequently invent npm package names that sound plausible but do not exist. Attackers monitor code-sharing platforms, AI forums, and public repositories for these non-existent names, then register malicious packages with identical names.
How do I fix "AI-hallucinated npm package name enables supply chain attack"?
Before running npm install, verify every package on npmjs.com. Use PolyDefender's Dependency Hallucination module to cross-reference all imports against the npm registry.
What can an attacker do if my app contains VBS-2026-0003?
This vulnerability is rated CVSS 9.3 (critical), so an attacker can likely gain complete control of your data or infrastructure. Attackers monitor code-sharing platforms, AI forums, and public repositories for these non-existent names, then register malicious packages with identical names.