News

In the above example, the version information is provided for the package dustin.examples because that directory (dustin/examples/) is listed after Name:.
For my use of “project” and “package” (including “import package” and “distribution package”) see Jim Ratliff, “Unpacking ‘package’ terminology in Python,” GitHub Gist. In particular, I very ...
For example, the name of the package imported as math/rand is rand. It is imported with the path math/rand because it is nested inside the math package as a subdirectory.
A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names.
AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious ...
As the termcolour incident indicates, repurposing names is a strategy that is already being used by malicious actors to spread malware and start a supply-chain attack. Depending on the popularity of ...
Code-generating large language models (LLMs) have introduced a new security issue into software development: Code package hallucinations. Package hallucinations occur when an LLM generates code that ...
Lanyado did so to explore whether these kinds of hallucinated software packages – package names invented by generative AI models, presumably during project development – persist over time and to test ...
A new study found that code generated by AI is more likely to contain made-up information that can be used to trick software into interacting with malicious code.