Great question! No, Phantom Guard won't flag legit packages like openai, langchain-openai, or gpt-engineer.
The primary signal is whether the package exists on the registry. We query PyPI/npm directly:
- If a package exists → it gets a low/safe risk score
- If a package doesn't exist → that's the main red flag for slopsquatting
Pattern matching (like AI-related terms) is just one of many weighted signals, and it's far outweighed by existence. In fact, popular packages get a negative weight that actively reduces their risk score.
The attack we're detecting is when an LLM hallucinates a package name like flask-gpt-utils that sounds plausible but doesn't exist. A real attacker could then register that name and wait for developers to pip install it.
We test against the top 1000 PyPI packages and target a <5% false-positive rate. If you're importing openai or transformers, you're fine.
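To make the weighting described above concrete, here is an added, hypothetical scorer written for this page (it is not Phantom Guard's code). The in-memory `KNOWN_PACKAGES` and `TOP_PACKAGES` sets are constructed stand-ins for live PyPI/npm lookups, and the weights, the AI-term token list and the verdict thresholds are illustrative assumptions, not the project's real values. It shows the property the reply relies on: a name that is absent from the registry dominates the score, an AI-sounding name on its own barely moves it, and a popular package is pulled further down by a negative weight.

```python
"""Hypothetical slopsquatting risk scorer (illustrative, not Phantom Guard's code)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed stand-ins for registry data so the example runs offline.
# A real tool would query the registry (e.g. PyPI's JSON API) instead.
KNOWN_PACKAGES = {"openai", "langchain-openai", "gpt-engineer",
                  "transformers", "requests", "flask"}
TOP_PACKAGES = {"openai", "transformers", "requests", "flask"}

# Tokens that look "AI-flavoured"; assumed list, matched per name component.
AI_TOKENS = {"gpt", "llm", "openai", "langchain", "chatgpt", "ai", "llama", "agent"}

# Assumed weights. The only strong positive signal is non-existence.
W_MISSING = 0.80          # package not on the registry
W_AI_TOKEN = 0.10         # name contains an AI-related component
W_COMPOUND = 0.05         # three or more hyphen-separated parts
W_POPULAR = -0.30         # negative weight for a top-N package


def normalize(name: str) -> str:
    """PEP 503-style normalization so flask_GPT.utils == flask-gpt-utils."""
    return re.sub(r"[-_.]+", "-", name).lower()


@dataclass
class Assessment:
    name: str
    score: float
    signals: list[str] = field(default_factory=list)

    @property
    def verdict(self) -> str:
        # Assumed thresholds for the illustration.
        if self.score >= 0.70:
            return "high"
        if self.score >= 0.40:
            return "medium"
        return "low"


def assess(name: str,
           registry: set[str] = KNOWN_PACKAGES,
           popular: set[str] = TOP_PACKAGES) -> Assessment:
    """Score one package name; existence on the registry dominates."""
    n = normalize(name)
    known = {normalize(p) for p in registry}
    top = {normalize(p) for p in popular}
    parts = n.split("-")
    score, signals = 0.0, []

    if n not in known:
        score += W_MISSING
        signals.append("not on registry")
    if any(p in AI_TOKENS for p in parts):
        score += W_AI_TOKEN
        signals.append("ai-related term")
    if len(parts) >= 3:
        score += W_COMPOUND
        signals.append("multi-part compound name")
    if n in top:
        score += W_POPULAR
        signals.append("popular package (negative weight)")

    return Assessment(name, round(max(0.0, min(1.0, score)), 2), signals)


def false_positive_rate(names: set[str],
                        registry: set[str] = KNOWN_PACKAGES,
                        popular: set[str] = TOP_PACKAGES) -> float:
    """Share of genuinely existing packages that would be flagged 'high'."""
    if not names:
        return 0.0
    flagged = sum(assess(n, registry, popular).verdict == "high" for n in names)
    return flagged / len(names)


if __name__ == "__main__":
    for candidate in ["openai", "langchain-openai", "gpt-engineer",
                      "flask-gpt-utils", "Flask_GPT.utils"]:
        a = assess(candidate)
        print(f"{candidate:18} score={a.score:.2f} verdict={a.verdict:6} {a.signals}")
    print("false-positive rate over known packages:",
          false_positive_rate(KNOWN_PACKAGES))
```

Note that the AI-term signal fires for `openai` and `langchain-openai` too; it is only the missing-from-registry weight that separates a hallucinated `flask-gpt-utils` from them, which is the point the reply makes.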