io.github.Baneado98/import-guardiandev-tools

import-guardian

Flagged

Catch AI-hallucinated (slopsquatted) npm imports in generated code before npm install.

Our take

The tool addresses a real problem (slopsquatted npm imports), but the audit found manufactured ecosystem presence: the anonymous zero-follower owner forked five awesome-* lists (awesome-mcp-servers, awesome-mcp-security, awesome-secure-mcp-servers, awesome-x402, awesome-agentic-commerce) in one week and committed self-insertions promoting his own products — the awesome-x402 fork carries an 'Add guardian set to Security & Audits' commit advertising four of them. Those four 'guardian' services plus six other repos were all created within days of each other, each monetized via Stripe 'premium' tools and x402 pay-per-call USDC. Faked ecosystem endorsement to sell paid API calls from an anonymous operator is exactly the buywhere pattern.

reviewed by hand · 2026-07-05

Something wrong or dead here? Report it

Verification record

last verified
yesterday
github stars
0
last commit
10 days ago
archived
no
license
MIT
downloads / wk
235
latest version
0.3.0
in registry since
2026-06-26

github.com/Baneado98/import-guardian