AI-Generated Code Vulnerability (Severity: High)

Hallucinated Dependencies

LLMs sometimes suggest package names that do not exist on any registry. Attackers register those names themselves, so a developer who installs the suggested package pulls in attacker-controlled code: a supply-chain compromise.

Affected Platforms
All AI coding platforms
Severity
High
Remediate immediately

How to detect it

1. Validate package existence and reputation before install
2. Flag suspicious maintainer history and install scripts
3. Monitor new dependency additions in PR checks

How to fix it

1. Require a lockfile and package review
2. Block risky postinstall scripts
3. Use dependency allowlists for production builds
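Added example, not part of the VibeMeds page or product: a minimal PR-time dependency audit in Python that applies the detection and fix steps above (registry existence, package age, popularity, install scripts, production allowlist) to the names a change adds. The registry snapshot, package names, thresholds and snapshot date are constructed; a real check would query npm or PyPI for the same fields.

```python
from datetime import date

# Constructed registry snapshot: in practice these fields come from the registry API
# (npm `view`, PyPI JSON) at check time. Names and numbers here are made up for the example.
SNAPSHOT_DATE = date(2024, 6, 10)
REGISTRY = {
    "requests":         {"created": date(2011, 2, 14), "downloads": 5_000_000, "install_script": False},
    "acme-json-helper": {"created": date(2024, 5, 30), "downloads": 12,        "install_script": True},
}
# Hypothetical production allowlist: only names a human has reviewed belong here.
ALLOWLIST = {"requests"}
NEW_PACKAGE_DAYS = 90     # packages younger than this are treated as suspicious
MIN_DOWNLOADS = 1_000     # popularity floor; squatted hallucinated names rarely exceed it


def audit_dependency(name, today=SNAPSHOT_DATE, registry=REGISTRY, allowlist=ALLOWLIST):
    """Return finding codes for one dependency name; an empty list means it passed."""
    meta = registry.get(name)
    if meta is None:
        # The most dangerous case: the model invented the name, so installing it is either
        # a failure or, once someone registers it, an arbitrary-code install.
        return ["NOT_ON_REGISTRY"]
    findings = []
    if (today - meta["created"]).days < NEW_PACKAGE_DAYS:
        findings.append("NEW_PACKAGE")
    if meta["downloads"] < MIN_DOWNLOADS:
        findings.append("LOW_DOWNLOADS")
    if meta["install_script"]:
        # postinstall/setup hooks run code at install time; block unless explicitly reviewed.
        findings.append("INSTALL_SCRIPT")
    if name not in allowlist:
        findings.append("NOT_ALLOWLISTED")
    return findings


def audit_pull_request(baseline_deps, proposed_deps, today=SNAPSHOT_DATE):
    """PR check: audit only the names the change adds, so review effort lands on new risk."""
    added = sorted(set(proposed_deps) - set(baseline_deps))
    return {name: audit_dependency(name, today) for name in added}


def should_block(report):
    """Block the merge if any added dependency produced a finding."""
    return any(findings for findings in report.values())


if __name__ == "__main__":
    baseline = ["requests"]
    proposed = ["requests", "acme-json-helper", "acme-unknown-package"]  # constructed PR diff
    report = audit_pull_request(baseline, proposed)
    for name, findings in report.items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
    print("BLOCK" if should_block(report) else "PASS")
```

Wire `audit_pull_request` into the CI job that runs on manifest changes and fail the job when `should_block` is true; the finding codes map directly onto the review and allowlist steps listed above.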
VibeMeds automatically detects this and 41 other vulnerability patterns.