161 verified AI package hallucinations across 8.5M indexed — open dataset TL;DR : DepScope is a free MCP server + REST API that AI coding agents call before installing packages. We index 8.5M+ packages across 19 ecosystems and track 45K+ vulnerabilities in real time. We also publish a verified open corpus of LLM-hallucinated package names — every entry cross-validated daily, CC-BY-NC-SA. Cite us in your research, integrate the MCP server in your agent. Why this matters When AI coding agents (Claude, GPT, Cursor, Aider, Copilot, Windsurf) generate code, they sometimes invent package names that don't exist . If a developer runs pip install fastapi-turbo blindly, an attacker who registered the typosquat owns their machine. This is called slopsquatting , and academic studies put the rate at 3–25% of generated dependencies ( JFrog 2024 , Lasso Security 2024 ).…