406
AI bots hallucinate software packages and devs download them
(www.theregister.com)
This is a most excellent place for technology news and articles.
True. You can't always be 100% sure. But a quick check for download counts/version count can help. And while searching for it in the repo, you can see other similarly named packages and prevent getting hit by a typo squatter.
Despite, it's not just for security. What if the package you're installing has a big banner in the readme that says "Deprecated and full of security issues"? It's not a bad package per say, but still something you need to know
*per se
https://en.m.wiktionary.org/wiki/per_se
Oh, TIL
Edit: *YourWeb