SaaS & BusinessMedium

PhantomDep

A GitHub Action that fails the build if any imported package was added in the last 14 days, has under 100 weekly downloads, or matches a known slopsquat pattern.

Target market
OSS maintainers and small engineering teams (2-30 devs) on GitHub whose contributors increasingly use Cursor/Claude Code and ship phantom packages they did not vet.

Problem snapshot

What this solves

Slopsquat Guard MCP and similar tools block phantom packages before an agent installs them, but plenty of vibe-coded PRs land on GitHub with package.json or requirements.txt edits that nobody runs through an agent, including PRs from contributors who installed the package locally weeks ago. Snyk and Aikido catch known-bad packages, not statistically…

Full ProvenTools analysis

Unlock the full analysis and build prompt

Unlock the solution, revenue model, feature scope, technical approach, user flow, and 13-section AI build prompt.

Already have access? Sign in

See ProvenTools plans

Related ideas

Explore similar problems

Browse all