PhantomDep
A GitHub Action that fails the build if any imported package was added in the last 14 days, has under 100 weekly downloads, or matches a known slopsquat pattern.
- Target market
- OSS maintainers and small engineering teams (2-30 devs) on GitHub whose contributors increasingly use Cursor/Claude Code and ship phantom packages they did not vet.
Problem snapshot
What this solves
Slopsquat Guard MCP and similar tools block phantom packages before an agent installs them, but plenty of vibe-coded PRs land on GitHub with package.json or requirements.txt edits that nobody runs through an agent, including PRs from contributors who installed the package locally weeks ago. Snyk and Aikido catch known-bad packages, not statistically…
Full ProvenTools analysis
Unlock the full analysis and build prompt
Unlock the solution, revenue model, feature scope, technical approach, user flow, and 13-section AI build prompt.
Already have access? Sign in
Related ideas
Explore similar problems
Affiliate Attribution Drop Finder
A detector that checks whether affiliate links, landing pages, checkout redirects, cookies, and post-purchase events still preserve attribution.
Agent Action Approval Gate
A runtime approval gate that intercepts only high-risk agent actions, such as refunds, deployments, deletes, emails, and database writes, before execution.
Agent Data-Access Scoper
A Supabase and Postgres RLS test harness that proves which rows an agent role can read or write before the agent is released.