couchloop-eq-mcp 1.3.3 → 1.4.1

package/dist/tools/Hallucinated Packages Corpus from Claude.js

@@ -0,0 +1,447 @@
+/**
+ * hallucinated-packages-corpus.ts
+ *
+ * Comprehensive corpus of known and pattern-matched hallucinated npm packages.
+ *
+ * Sources:
+ * - PhantomRaven campaign (Koi Security + Sonatype, Oct–Nov 2025): 200+ documented
+ *   malicious slopsquatting packages targeting AI-hallucinated names
+ * - Spracklen et al., "We Have a Package for You!" (USENIX 2025): 205,474 unique
+ *   hallucinated names analyzed across 576,000 code samples
+ * - Lasso Security (Bar Lanyado, 2024): Original package hallucination research,
+ *   documented 24.2% hallucination rate across GPT-3.5, GPT-4, Gemini, Cohere
+ * - Krishna et al., "Importing Phantoms" (Jan 2025): 0.22%–46.15% rates across models
+ * - Aikido Security (Charlie Eriksen, Jan 2026): react-codeshift live case
+ * - Snyk, Mend, Augment Code, Trend Micro: documented attack case studies
+ *
+ * Detection strategy:
+ * 1. CONFIRMED_MALICIOUS   — packages with active security holds or confirmed malware
+ * 2. DOCUMENTED_HALLUCINATIONS — packages proven to be AI-hallucinated (even if now claimed)
+ * 3. PHANTOM_RAVEN_PACKAGES — all 200+ PhantomRaven campaign packages (slopsquatting)
+ * 4. SUSPICIOUS_PATTERNS   — regex patterns that match AI morpheme-splicing behavior
+ * 5. INCOMPLETE_NAMES      — abbreviated forms of real packages LLMs commonly produce
+ *
+ * Usage: isLikelyHallucinated(packageName) → { flagged: boolean, reason: string, confidence: 'high'|'medium'|'low' }
+ */
+// ─────────────────────────────────────────────────────────────────────────────
+// SECTION 1: CONFIRMED MALICIOUS (security holds, verified malware payloads)
+// Source: npm security holds, Koi Security PhantomRaven IOCs, Aikido Intel
+// ─────────────────────────────────────────────────────────────────────────────
+export const CONFIRMED_MALICIOUS = new Set([
+    // PhantomRaven confirmed malicious — stolen from Koi Security / Sonatype analysis
+    // These are NOT legitimate packages. All had active credential-stealing payloads.
+    "unused-imports", // Real: eslint-plugin-unused-imports. Confirmed malicious, npm security hold
+    "react-codeshift", // Conflation of jscodeshift + react-codemod. Claimed Jan 2026, Aikido research
+    "eslint-disable-next-line", // Masquerades as ESLint directive. PhantomRaven
+    "eslint-comments", // Real: eslint-plugin-eslint-comments. PhantomRaven abbreviated form
+    "transform-react-remove-prop-types", // Real: babel-plugin-transform-react-remove-prop-types. PhantomRaven
+    "transform-es2015-modules-commonjs", // Real: babel-plugin-transform-es2015-modules-commonjs. PhantomRaven
+    "transform-merge-sibling-variables", // Real: babel-plugin-transform-merge-sibling-variables. PhantomRaven
+    "transform-react-constant-elements", // Real: babel-plugin-transform-react-constant-elements. PhantomRaven
+    "add-module-exports", // PhantomRaven campaign package
+    "no-floating-promise", // PhantomRaven — abbreviated: eslint-plugin-no-floating-promise
+    "no-only-tests", // PhantomRaven — Real: eslint-plugin-no-only-tests
+    "only-warn", // PhantomRaven
+    "sort-keys-fix", // PhantomRaven
+    "sort-keys-plus", // PhantomRaven
+    "sort-class-members", // PhantomRaven
+    "prefer-object-spread", // PhantomRaven
+    "preferred-import", // PhantomRaven
+    "jsx-a11y", // PhantomRaven — Real: eslint-plugin-jsx-a11y
+    "mocha-no-only", // PhantomRaven
+    "jest-hoist", // PhantomRaven
+    "inline-react-svg", // PhantomRaven
+    "syntax-dynamic-import", // PhantomRaven
+    "named-asset-import", // PhantomRaven
+    "filename-rules", // PhantomRaven
+    "flowtype-errors", // PhantomRaven
+    "react-naming-convention", // PhantomRaven
+    "react-web-api", // PhantomRaven
+    "react-async-component-lifecycle-hooks", // PhantomRaven
+    "react-important-stuff", // PhantomRaven
+    "react-import-reflect", // AI hallucination pattern
+    "ft-flow", // PhantomRaven
+    "polyfill-corejs3", // PhantomRaven — Real: @babel/preset-env handles corejs
+    "polyfill-regenerator", // PhantomRaven
+    "external-helpers", // PhantomRaven
+    "crowdstrike", // PhantomRaven — brandjacking
+    "airbnb-babel", // PhantomRaven — brandjacking Airbnb
+    "airbnb-base-typescript-prettier", // PhantomRaven — brandjacking
+    "airbnb-types", // PhantomRaven — brandjacking
+    "airbnb-bev", // PhantomRaven — brandjacking
+    "airbnb-calendar", // PhantomRaven — brandjacking
+    "airbnb-opentracing-javascript", // PhantomRaven — brandjacking
+    "airbnb-scraper", // PhantomRaven — brandjacking
+    "acme-package", // PhantomRaven
+    "add-shopify-header", // PhantomRaven
+    "aikido-module", // PhantomRaven — ironic brandjacking of Aikido Security
+    "artifactregistry-login", // PhantomRaven — Google brandjacking
+    "audio-game", // PhantomRaven
+    "badgekit-api-client", // PhantomRaven
+    "bernie-core", // PhantomRaven
+    "bernie-plugin-l10n", // PhantomRaven
+    "chai-friendly", // PhantomRaven
+    "chromestatus-openapi", // PhantomRaven
+    "durablefunctionsmonitor", // PhantomRaven — Microsoft brandjacking
+    "durablefunctionsmonitor-vscodeext", // PhantomRaven
+    "elemefe", // PhantomRaven
+    "e-voting-libraries-ui-kit", // PhantomRaven
+    "eslint-github-bot", // PhantomRaven
+    "eslint-plugin-cli-microsoft365", // PhantomRaven — Microsoft brandjacking
+    "eslint-plugin-custom-eslint-rules", // PhantomRaven
+    "faltest", // PhantomRaven
+    "firefly-sdk-js", // PhantomRaven
+    "firefly-shared-js", // PhantomRaven
+    "fq-ui", // PhantomRaven
+    "goji-js-org", // PhantomRaven
+    "important-stuff", // PhantomRaven
+    "ing-web-es", // PhantomRaven
+    "iot-cardboard-js", // PhantomRaven
+    "jira-ticket-todo-comment", // PhantomRaven
+    "labelbox-custom-ui", // PhantomRaven
+    "lfs-ui", // PhantomRaven
+    "lion-based-ui", // PhantomRaven
+    "lion-based-ui-labs", // PhantomRaven
+    "mourner", // PhantomRaven
+    "rxjs-angular", // PhantomRaven
+    "skyscanner-with-prettier", // PhantomRaven
+    "powerbi-visuals-sunburst", // PhantomRaven — Microsoft brandjacking
+    "spaintest1", // PhantomRaven
+    "pensions-portals-fe", // PhantomRaven
+    "google-cloud-functions-framework", // PhantomRaven — Google brandjacking
+    "op-cli-installer", // PhantomRaven
+    "ais-sn-components", // PhantomRaven
+    "add-module-exports", // PhantomRaven
+    "petstore-integration-test", // PhantomRaven — earliest known evolving version
+    "durablefunctionsmonitor.react", // PhantomRaven
+]);
+// ─────────────────────────────────────────────────────────────────────────────
+// SECTION 2: DOCUMENTED AI HALLUCINATIONS
+// Packages confirmed as AI-hallucinated by published research (even if currently
+// registered as benign probes or now showing as "existing")
+// ─────────────────────────────────────────────────────────────────────────────
+export const DOCUMENTED_HALLUCINATIONS = new Set([
+    // Lasso Security research (Bar Lanyado, 2024) — confirmed AI-hallucinated
+    "huggingface-cli", // 30,000+ downloads after Lanyado registered it as a probe.
+    // Real install: pip install -U "huggingface_hub[cli]" (Python, not npm)
+    // Listed here as cross-ecosystem confusion vector
+    // Aikido Security (Charlie Eriksen, Jan 2026) — confirmed live hallucination
+    "react-codeshift", // Conflation of jscodeshift + react-codemod. Appeared in 47 AI-generated
+    // agent skills in a single GitHub commit. Nobody registered it until Eriksen
+    // claimed it as a research probe. Now a confirmed squattable name.
+    // PhantomRaven abbreviated-name hallucinations (documented by Koi Security)
+    "unused-imports", // LLMs abbreviate eslint-plugin-unused-imports to this
+    "transform-react-remove-prop-types", // Abbreviated from babel-plugin- prefix
+    // Common LLM conflagrations documented in academic literature (Spracklen et al.)
+    "express-mongoose", // Conflation of express + mongoose. 38% of hallucinations are this type.
+    "react-form-validator", // Conflation pattern. Real: react-hook-form + yup
+    "node-db-migrate", // Conflation of node + db-migrate. Real: db-migrate
+    "mongo-express-router", // Conflation pattern
+    "express-mysql", // Conflation: express + mysql. Not a real package.
+    "express-postgres", // Conflation: express + pg
+    "react-socket", // Conflation: react + socket.io-client. Real: socket.io-client
+    "node-redis-cache", // Conflation: redis + node-cache
+    "express-jwt-auth", // Conflation. Real: express-jwt or jsonwebtoken
+    "passport-google", // Abbreviated. Real: passport-google-oauth or passport-google-oauth20
+    "react-router-native", // Exists but LLMs hallucinate wrong versions/APIs
+    "webpack-dev", // Abbreviated. Real: webpack-dev-server or webpack-dev-middleware
+    "eslint-typescript", // Abbreviated. Real: @typescript-eslint/eslint-plugin
+    "next-image", // Abbreviated. Real: next/image (built-in, not a separate package)
+    "prisma-client", // Abbreviated. Real: @prisma/client
+    "graphql-apollo", // Conflation. Real: @apollo/client or apollo-server
+    "react-query-cache", // AI morpheme-splice from react-query. Real: @tanstack/react-query
+    "jest-enzyme", // Conflation. Real: enzyme + jest or @testing-library/react
+    "nodemon-ts", // Conflation. Real: ts-node-dev or nodemon + ts-node
+    "stripe-node", // Abbreviated. Real: stripe (the package is just "stripe")
+    "twilio-node", // Abbreviated. Real: twilio
+    "aws-cognito", // Abbreviated. Real: amazon-cognito-identity-js or @aws-amplify/auth
+    "firebase-admin-sdk", // Abbreviated. Real: firebase-admin
+    "google-maps-api", // Abbreviated. Real: @googlemaps/js-api-loader or google-maps
+    "react-bootstrap-icons", // Conflation. Real: react-bootstrap + react-icons (separate packages)
+    "tailwind-react", // Conflation. Not a real package.
+    "redux-saga-effects", // Conflation. Real: redux-saga (effects are built-in)
+    "react-testing", // Abbreviated. Real: @testing-library/react
+    "socket-io", // Abbreviated. Real: socket.io or socket.io-client (hyphenated differently)
+    "node-crypto", // Confused. Real: crypto (built-in Node module, not a package)
+    "node-path", // Confused. Real: path (built-in)
+    "node-fs", // Confused. Real: fs (built-in)
+    "node-http", // Confused. Real: http (built-in)
+    "node-os", // Confused. Real: os (built-in)
+    "node-process", // Confused. Real: process (built-in global)
+    "node-buffer", // Confused. Real: buffer (built-in)
+    "node-events", // Confused. Real: events (built-in)
+    "node-stream", // Confused. Real: stream (built-in)
+    "node-util", // Confused. Real: util (built-in)
+    "node-url", // Confused. Real: url (built-in)
+    "node-async", // Conflation. Real: async (but also built-in Promise/async-await)
+    "react-hooks", // LLMs often suggest this as a package. Hooks are built into React.
+    "react-context", // Same — built into React, not a package
+    "react-suspense", // Built-in React feature, not a package
+    "react-memo", // Built-in React.memo, not a package
+    "typescript-utils", // Hallucination. Real: ts-utils or type-fest
+    "express-validator-middleware", // Conflation. Real: express-validator
+    "jest-mock-axios", // Conflation. Real: axios-mock-adapter or jest-axios-mock
+    "react-pdf-viewer", // Conflation. Real: @react-pdf/renderer or react-pdf
+    "node-mailer", // Abbreviated. Real: nodemailer (one word, no hyphen)
+    "bcrypt-nodejs", // Deprecated package. Real: bcrypt or bcryptjs
+    "mongoose-paginate", // Deprecated/renamed. Real: mongoose-paginate-v2
+    "body-parser-json", // Conflation. Real: body-parser (json handling is built-in method)
+    "cors-middleware", // Conflation. Real: cors
+    "morgan-logger", // Conflation. Real: morgan
+    "helmet-security", // Conflation. Real: helmet
+    "dotenv-config", // Conflation. Real: dotenv
+    "compression-middleware", // Conflation. Real: compression
+    "multer-upload", // Conflation. Real: multer
+    "sharp-image", // Conflation. Real: sharp
+    "jimp-image", // Conflation. Real: jimp
+    "crypto-secure-hash", // Example from Snyk research. Plausible-sounding, does not exist.
+    "securehashlib", // Example from Mend/Security Boulevard research
+    "fastparserx", // Example from Augment Code research
+    "ccxt-mexc-futures", // Documented exploitation case from Augment Code research
+    // CCXT is real; ccxt-mexc-futures is a hallucinated combination
+    "orientdb-node", // Documented hallucination: Mackenzie Jackson (Aikido Dev Advocate)
+    // AI invented this when asked to connect Node.js to OrientDB
+    "mongoose-es6", // Morpheme splice. Real: mongoose
+    "sequelize-postgres", // Conflation. Real: sequelize + pg
+    "knex-mysql", // Conflation. Real: knex + mysql2
+]);
+export const SUSPICIOUS_PATTERNS = [
+    // Node built-in module confusion — LLMs frequently prefix built-ins with "node-"
+    {
+        pattern: /^node-(crypto|path|fs|http|https|os|process|buffer|events|stream|util|url|child_process|cluster|dns|net|readline|vm|zlib)$/,
+        reason: "Likely confused with Node.js built-in module. Built-ins don't require installation.",
+        confidence: 'high',
+    },
+    // React built-in feature confusion — LLMs suggest these as installable packages
+    {
+        pattern: /^react-(hooks|context|suspense|memo|concurrent|strict-mode|profiler|portals|fragments|error-boundary)$/,
+        reason: "This is a built-in React feature, not a standalone package.",
+        confidence: 'high',
+    },
+    // Common AI conflagration patterns (two real packages merged)
+    {
+        pattern: /^(express|koa|fastify|hapi)-(mongoose|sequelize|postgres|mysql|redis|mongodb|sqlite|knex|typeorm|prisma)$/,
+        reason: "Likely AI conflation of an HTTP framework with a database library. These are separate packages.",
+        confidence: 'high',
+    },
+    {
+        pattern: /^react-(socket|websocket|socket-io|socketio)$/,
+        reason: "Likely AI conflation. Real package: socket.io-client (used independently).",
+        confidence: 'high',
+    },
+    {
+        pattern: /^(mongoose|sequelize|typeorm|prisma)-(paginate|cache|search|audit|validate|history)$/,
+        reason: "Likely AI morpheme-splice. Check the real package name carefully.",
+        confidence: 'medium',
+    },
+    // Babel plugin without prefix — LLMs frequently drop the 'babel-plugin-' prefix
+    {
+        pattern: /^transform-(react|es2015|es2016|es2017|es2018|es2019|es2020|es6|es7|class|arrow|async|modules|object|destructuring|spread|template|generators|runtime|strict)[-a-z0-9]*$/,
+        reason: "Likely missing 'babel-plugin-' prefix. Real package: babel-plugin-" + "transform-...",
+        confidence: 'high',
+    },
+    // ESLint plugin without prefix — LLMs frequently drop 'eslint-plugin-'
+    {
+        pattern: /^(jsx-a11y|react-hooks|import|unicorn|sonarjs|promise|prettier|node|security|jest|testing-library|unused-imports|compat|fp|functional|immutable|n|optimize-regex|react-refresh|tailwindcss|perfectionist)$/,
+        reason: "Likely missing 'eslint-plugin-' prefix. Real package: eslint-plugin-[name].",
+        confidence: 'high',
+    },
+    // @types scoped package hallucinations
+    {
+        pattern: /^@types\/(react-router-dom-v6|next-auth|prisma-client|sequelize-v6|mongoose-v7|socket-io|express-validator)$/,
+        reason: "Likely hallucinated @types scoped package. Check DefinitelyTyped for correct name.",
+        confidence: 'medium',
+    },
+    // Abbreviated popular package names (LLMs drop scopes or suffixes)
+    {
+        pattern: /^prisma-client$|^apollo-client$|^apollo-server$|^tanstack-query$/,
+        reason: "Abbreviated scoped package. Real: @prisma/client, @apollo/client, @tanstack/react-query.",
+        confidence: 'high',
+    },
+    // Security-sounding invented packages (Snyk research: AI invents "secure" packages)
+    {
+        pattern: /^(crypto|secure|safe|encrypted|auth|jwt|oauth|security)[-_](hash|helper|utils|lib|middleware|manager|handler|wrapper|module|toolkit)$/,
+        reason: "AI-invented security package following a known hallucination pattern. Verify existence.",
+        confidence: 'medium',
+    },
+    // Packages that are simply built-in Node.js globals (no install required)
+    {
+        pattern: /^(console|global|process|Buffer|setImmediate|clearImmediate|setInterval|clearInterval|setTimeout|clearTimeout|__dirname|__filename|require|module|exports)$/,
+        reason: "This is a Node.js global, not an installable package.",
+        confidence: 'high',
+    },
+    // Generic "helper" packages that sound plausible but rarely exist
+    {
+        pattern: /^[a-z]+-[a-z]+-(helper|helpers|util|utils|toolkit|boilerplate|starter|scaffold|template|wrapper|adapter|bridge|middleware|handler|provider|factory|manager|service|client|sdk)$/,
+        reason: "Three-segment name matching AI morpheme-splice pattern. Verify package existence.",
+        confidence: 'low',
+    },
+    // PhantomRaven brandjacking pattern — packages named after companies/projects
+    {
+        pattern: /^(airbnb|crowdstrike|google|microsoft|adobe|amazon|aws|github|gitlab|atlassian|shopify|stripe|twilio|sendgrid|cloudflare|vercel|netlify|firebase)[-_a-z0-9]*(?<!-official|-sdk|-api|-js|-node|-react|-python)$/,
+        reason: "Matches PhantomRaven brandjacking pattern. Official packages use scoped names like @company/...",
+        confidence: 'medium',
+    },
+    // Packages that are abbreviated version of well-known scoped packages
+    {
+        pattern: /^(react-query|react-table|react-virtual|react-hook-form|react-spring|react-three|framer|framer-motion-utils)$/,
+        reason: "Check whether this is an abbreviated name. The real packages may use @tanstack/ or other scopes.",
+        confidence: 'low',
+    },
+];
+// ─────────────────────────────────────────────────────────────────────────────
+// SECTION 4: INCOMPLETE NAMES
+// Pairs of (hallucinated_short_name → real_full_name)
+// These are the most dangerous: plausible-sounding abbreviations that LLMs
+// consistently produce instead of the real package name.
+// Source: Koi Security PhantomRaven analysis + Spracklen et al. taxonomy
+// ─────────────────────────────────────────────────────────────────────────────
+export const INCOMPLETE_NAME_MAP = new Map([
+    // ESLint plugins (LLMs drop "eslint-plugin-" prefix)
+    ["unused-imports", "eslint-plugin-unused-imports"],
+    ["jsx-a11y", "eslint-plugin-jsx-a11y"],
+    ["no-only-tests", "eslint-plugin-no-only-tests"],
+    ["react-hooks", "eslint-plugin-react-hooks"],
+    ["import", "eslint-plugin-import"],
+    ["unicorn", "eslint-plugin-unicorn"],
+    ["promise", "eslint-plugin-promise"],
+    ["node", "eslint-plugin-n (formerly eslint-plugin-node)"],
+    ["security", "eslint-plugin-security"],
+    ["jest", "eslint-plugin-jest"],
+    ["fp", "eslint-plugin-fp"],
+    ["sonarjs", "eslint-plugin-sonarjs"],
+    ["testing-library", "@testing-library/eslint-plugin-testing-library"],
+    // Babel plugins (LLMs drop "babel-plugin-" prefix)
+    ["transform-react-remove-prop-types", "babel-plugin-transform-react-remove-prop-types"],
+    ["transform-es2015-modules-commonjs", "babel-plugin-transform-es2015-modules-commonjs"],
+    ["transform-merge-sibling-variables", "babel-plugin-transform-merge-sibling-variables"],
+    ["transform-react-constant-elements", "babel-plugin-transform-react-constant-elements"],
+    ["transform-runtime", "babel-plugin-transform-runtime or @babel/plugin-transform-runtime"],
+    ["transform-class-properties", "@babel/plugin-transform-class-properties"],
+    ["syntax-dynamic-import", "@babel/plugin-syntax-dynamic-import"],
+    ["external-helpers", "@babel/plugin-external-helpers"],
+    // Scoped packages (LLMs drop @scope/)
+    ["prisma-client", "@prisma/client"],
+    ["apollo-client", "@apollo/client"],
+    ["tanstack-query", "@tanstack/react-query"],
+    ["react-query", "@tanstack/react-query (v4+)"],
+    ["types-react", "@types/react"],
+    ["types-node", "@types/node"],
+    // Popular packages with wrong names
+    ["node-mailer", "nodemailer"],
+    ["bcrypt-nodejs", "bcrypt or bcryptjs"],
+    ["mongoose-paginate", "mongoose-paginate-v2"],
+    ["passport-google", "passport-google-oauth20"],
+    ["socket-io", "socket.io or socket.io-client"],
+    ["webpack-dev", "webpack-dev-server or webpack-dev-middleware"],
+    ["eslint-typescript", "@typescript-eslint/eslint-plugin"],
+    ["firebase-admin-sdk", "firebase-admin"],
+    ["google-maps-api", "@googlemaps/js-api-loader"],
+    ["stripe-node", "stripe"],
+    ["twilio-node", "twilio"],
+    ["aws-cognito", "amazon-cognito-identity-js"],
+    ["react-testing", "@testing-library/react"],
+    ["polyfill-corejs3", "core-js (configured via @babel/preset-env)"],
+    ["polyfill-regenerator", "regenerator-runtime"],
+    // Node built-ins confused as packages
+    ["node-crypto", "crypto (built-in module, no install needed)"],
+    ["node-path", "path (built-in module, no install needed)"],
+    ["node-fs", "fs (built-in module, no install needed)"],
+    ["node-http", "http (built-in module, no install needed)"],
+    ["node-os", "os (built-in module, no install needed)"],
+    ["node-buffer", "buffer (built-in, or use the 'buffer' npm package for browser)"],
+    ["node-events", "events (built-in module, no install needed)"],
+    ["node-stream", "stream (built-in module, no install needed)"],
+    ["node-util", "util (built-in module, no install needed)"],
+    ["node-url", "url (built-in module, no install needed)"],
+]);
+/**
+ * Check whether an npm package name matches known hallucination patterns.
+ *
+ * @param packageName - The npm package name to check (as it would appear in package.json)
+ * @returns HallucinationCheckResult
+ */
+export function isLikelyHallucinated(packageName) {
+    const name = packageName.trim().toLowerCase();
+    // 1. Confirmed malicious
+    if (CONFIRMED_MALICIOUS.has(name)) {
+        return {
+            flagged: true,
+            confidence: 'high',
+            reason: `"${packageName}" is on the confirmed malicious package list. This package has been used in active supply chain attacks (PhantomRaven campaign or documented slopsquatting).`,
+            suggestedAlternative: INCOMPLETE_NAME_MAP.get(name),
+            source: 'confirmed_malicious',
+        };
+    }
+    // 2. Documented hallucinations
+    if (DOCUMENTED_HALLUCINATIONS.has(name)) {
+        const alt = INCOMPLETE_NAME_MAP.get(name);
+        return {
+            flagged: true,
+            confidence: 'high',
+            reason: `"${packageName}" has been documented as an AI-hallucinated package name in published security research.`,
+            suggestedAlternative: alt,
+            source: 'documented_hallucination',
+        };
+    }
+    // 3. Incomplete name (abbreviated real package)
+    if (INCOMPLETE_NAME_MAP.has(name)) {
+        return {
+            flagged: true,
+            confidence: 'high',
+            reason: `"${packageName}" is a known abbreviated form of a real package that LLMs commonly produce.`,
+            suggestedAlternative: INCOMPLETE_NAME_MAP.get(name),
+            source: 'incomplete_name',
+        };
+    }
+    // 4. Pattern matching
+    for (const check of SUSPICIOUS_PATTERNS) {
+        if (check.pattern.test(name)) {
+            return {
+                flagged: true,
+                confidence: check.confidence,
+                reason: check.reason,
+                source: 'suspicious_pattern',
+            };
+        }
+    }
+    return {
+        flagged: false,
+        confidence: 'high',
+        reason: `"${packageName}" does not match any known hallucination patterns.`,
+        source: 'clean',
+    };
+}
+/**
+ * Scan an array of package names and return only those that are flagged.
+ * Useful for scanning a full package.json dependency list.
+ */
+export function scanPackageList(packageNames) {
+    return packageNames
+        .map(name => ({ name, ...isLikelyHallucinated(name) }))
+        .filter(result => result.flagged);
+}
+/**
+ * Total corpus size for reporting purposes.
+ */
+export const CORPUS_STATS = {
+    confirmedMalicious: CONFIRMED_MALICIOUS.size,
+    documentedHallucinations: DOCUMENTED_HALLUCINATIONS.size,
+    incompleteNameMappings: INCOMPLETE_NAME_MAP.size,
+    suspiciousPatterns: SUSPICIOUS_PATTERNS.length,
+    get total() {
+        return this.confirmedMalicious + this.documentedHallucinations + this.incompleteNameMappings;
+    },
+    lastUpdated: '2026-03-08',
+    primarySources: [
+        'Koi Security PhantomRaven IOCs (Oct 2025)',
+        'Sonatype PhantomRaven analysis — 200+ packages (Oct–Nov 2025)',
+        'Lasso Security hallucination research (Bar Lanyado, 2024)',
+        'Spracklen et al., USENIX 2025 — 205,474 hallucinated names analyzed',
+        'Krishna et al., Importing Phantoms (Jan 2025)',
+        'Aikido Security — react-codeshift live case (Charlie Eriksen, Jan 2026)',
+        'Snyk package hallucination documentation (Aug 2025)',
+        'Mend slopsquatting research (Aug 2025)',
+    ],
+};
+//# sourceMappingURL=Hallucinated%20Packages%20Corpus%20from%20Claude.js.map

package/dist/tools/Hallucinated Packages Corpus from Claude.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Hallucinated Packages Corpus from Claude.js","sourceRoot":"","sources":["../../src/tools/Hallucinated Packages Corpus from Claude.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,gFAAgF;AAChF,6EAA6E;AAC7E,2EAA2E;AAC3E,gFAAgF;AAChF,MAAM,CAAC,MAAM,mBAAmB,GAAwB,IAAI,GAAG,CAAC;IAC9D,kFAAkF;IAClF,kFAAkF;IAClF,gBAAgB,EAAgB,6EAA6E;IAC7G,iBAAiB,EAAe,+EAA+E;IAC/G,0BAA0B,EAAM,gDAAgD;IAChF,iBAAiB,EAAe,qEAAqE;IACrG,mCAAmC,EAAE,qEAAqE;IAC1G,mCAAmC,EAAE,qEAAqE;IAC1G,mCAAmC,EAAE,qEAAqE;IAC1G,mCAAmC,EAAC,qEAAqE;IACzG,oBAAoB,EAAY,gCAAgC;IAChE,qBAAqB,EAAW,gEAAgE;IAChG,eAAe,EAAiB,mDAAmD;IACnF,WAAW,EAAqB,eAAe;IAC/C,eAAe,EAAiB,eAAe;IAC/C,gBAAgB,EAAgB,eAAe;IAC/C,oBAAoB,EAAY,eAAe;IAC/C,sBAAsB,EAAU,eAAe;IAC/C,kBAAkB,EAAc,eAAe;IAC/C,UAAU,EAAsB,8CAA8C;IAC9E,eAAe,EAAiB,eAAe;IAC/C,YAAY,EAAoB,eAAe;IAC/C,kBAAkB,EAAc,eAAe;IAC/C,uBAAuB,EAAS,eAAe;IAC/C,oBAAoB,EAAY,eAAe;IAC/C,gBAAgB,EAAgB,eAAe;IAC/C,iBAAiB,EAAe,eAAe;IAC/C,yBAAyB,EAAO,eAAe;IAC/C,eAAe,EAAiB,eAAe;IAC/C,uCAAuC,EAAE,eAAe;IACxD,uBAAuB,EAAS,eAAe;IAC/C,sBAAsB,EAAU,2BAA2B;IAC3D,SAAS,EAAuB,eAAe;IAC/C,kBAAkB,EAAc,wDAAwD;IACxF,sBAAsB,EAAU,eAAe;IAC/C,kBAAkB,EAAc,eAAe;IAC/C,aAAa,EAAmB,8BAA8B;IAC9D,cAAc,EAAkB,qCAAqC;IACrE,iCAAiC,EAAE,8BAA8B;IACjE,cAAc,EAAkB,8BAA8B;IAC9D,YAAY,EAAoB,8BAA8B;IAC9D,iBAAiB,EAAe,8BAA8B;IAC9D,+BAA+B,EAAE,8BAA8B;IAC/D,gBAAgB,EAAgB,8BAA8B;IAC9D,cAAc,EAAkB,eAAe;IAC/C,oBAAoB,EAAY,eAAe;IAC/C,eAAe,EAAiB,wDAAwD;IACxF,wBAAwB,EAAQ,qCAAqC;IACrE,YAAY,EAAoB,eAAe;IAC/C,qBAAqB,EAAW,eAAe;IAC/C,aAAa,EAAmB,eAAe;IAC/C,oBAAoB,EAAY,eAAe;IAC/C,eAAe,EAAiB,eAAe;IAC/C,sBAAsB,EAAU,eAAe;IAC/C,yBAAyB,EAAO,wCAAwC;IACxE,mCAAmC,EAAE,eAAe;IACpD,SAAS,EAAuB,eAAe;IAC/C,2BAA2B,EAAK,eAAe;IAC/C,mBAAmB,EAAa,eAAe;IAC/C,gCAAgC,EAAE,wCAAwC;IAC1E,mCAAmC,EAAE,eAAe;IACpD,SAAS,EAAuB,eAAe;IAC/C,gBAAgB,EAAgB,eAAe;IAC/C,mBAAmB,EAAa,eAAe;IAC/C,OAAO,EAAyB,eAAe;IAC/C,aAAa,EAAmB,eAAe;IAC/C,iBAAiB,EAAe,eAAe;IAC/C,YAAY,EAAoB,eAAe;IAC/C,kBAAkB,EAAc,eAAe;IAC/C,0BAA0B,EAAM,eAAe;IAC/C,oBAAoB,EAAY,eAAe;IAC/C,QAAQ,EAAwB,eAAe;IAC/C,eAAe,EAAiB,eAAe;IAC/C,oBAAoB,EAAY,eAAe;IAC/C,SAAS,EAAuB,eAAe;IAC/C,cAAc,EAAkB,eAAe;IAC/C,0BAA0B,EAAM,eAAe;IAC/C,0BAA0B,EAAM,wCAAwC;IACxE,YAAY,EAAoB,eAAe;IAC/C,qBAAqB,EAAW,eAAe;IAC/C,kCAAkC,EAAE,qCAAqC;IACzE,kBAAkB,EAAc,eAAe;IAC/C,mBAAmB,EAAa,eAAe;IAC/C,oBAAoB,EAAY,eAAe;IAC/C,2BAA2B,EAAK,iDAAiD;IACjF,+BAA+B,EAAC,eAAe;CAChD,CAAC,CAAC;AAEH,gFAAgF;AAChF,0CAA0C;AAC1C,iFAAiF;AACjF,4DAA4D;AAC5D,gFAAgF;AAChF,MAAM,CAAC,MAAM,yBAAyB,GAAwB,IAAI,GAAG,CAAC;IACpE,0EAA0E;IAC1E,iBAAiB,EAAO,4DAA4D;IAC5D,wEAAwE;IACxE,kDAAkD;IAE1E,6EAA6E;IAC7E,iBAAiB,EAAO,yEAAyE;IACzE,6EAA6E;IAC7E,mEAAmE;IAE3F,4EAA4E;IAC5E,gBAAgB,EAAQ,uDAAuD;IAC/E,mCAAmC,EAAE,wCAAwC;IAE7E,iFAAiF;IACjF,kBAAkB,EAAM,yEAAyE;IACjG,sBAAsB,EAAE,kDAAkD;IAC1E,iBAAiB,EAAO,oDAAoD;IAC5E,sBAAsB,EAAE,qBAAqB;IAC7C,eAAe,EAAS,mDAAmD;IAC3E,kBAAkB,EAAM,2BAA2B;IACnD,cAAc,EAAU,+DAA+D;IACvF,kBAAkB,EAAM,iCAAiC;IACzD,kBAAkB,EAAM,gDAAgD;IACxE,iBAAiB,EAAO,sEAAsE;IAC9F,qBAAqB,EAAG,kDAAkD;IAC1E,aAAa,EAAW,kEAAkE;IAC1F,mBAAmB,EAAK,sDAAsD;IAC9E,YAAY,EAAY,mEAAmE;IAC3F,eAAe,EAAS,oCAAoC;IAC5D,gBAAgB,EAAQ,oDAAoD;IAC5E,mBAAmB,EAAK,mEAAmE;IAC3F,aAAa,EAAW,4DAA4D;IACpF,YAAY,EAAY,qDAAqD;IAC7E,aAAa,EAAW,2DAA2D;IACnF,aAAa,EAAW,4BAA4B;IACpD,aAAa,EAAW,qEAAqE;IAC7F,oBAAoB,EAAI,oCAAoC;IAC5D,iBAAiB,EAAO,8DAA8D;IACtF,uBAAuB,EAAC,sEAAsE;IAC9F,gBAAgB,EAAQ,kCAAkC;IAC1D,oBAAoB,EAAI,sDAAsD;IAC9E,eAAe,EAAS,4CAA4C;IACpE,WAAW,EAAa,4EAA4E;IACpG,aAAa,EAAW,+DAA+D;IACvF,WAAW,EAAa,kCAAkC;IAC1D,SAAS,EAAe,gCAAgC;IACxD,WAAW,EAAa,kCAAkC;IAC1D,SAAS,EAAe,gCAAgC;IACxD,cAAc,EAAU,4CAA4C;IACpE,aAAa,EAAW,oCAAoC;IAC5D,aAAa,EAAW,oCAAoC;IAC5D,aAAa,EAAW,oCAAoC;IAC5D,WAAW,EAAa,kCAAkC;IAC1D,UAAU,EAAc,iCAAiC;IACzD,YAAY,EAAY,kEAAkE;IAC1F,aAAa,EAAW,oEAAoE;IAC5F,eAAe,EAAS,yCAAyC;IACjE,gBAAgB,EAAQ,wCAAwC;IAChE,YAAY,EAAY,qCAAqC;IAC7D,kBAAkB,EAAM,6CAA6C;IACrE,8BAA8B,EAAE,sCAAsC;IACtE,iBAAiB,EAAO,0DAA0D;IAClF,kBAAkB,EAAM,qDAAqD;IAC7E,aAAa,EAAW,sDAAsD;IAC9E,eAAe,EAAS,+CAA+C;IACvE,mBAAmB,EAAK,iDAAiD;IACzE,kBAAkB,EAAM,mEAAmE;IAC3F,iBAAiB,EAAO,yBAAyB;IACjD,eAAe,EAAS,2BAA2B;IACnD,iBAAiB,EAAO,2BAA2B;IACnD,eAAe,EAAS,2BAA2B;IACnD,wBAAwB,EAAC,gCAAgC;IACzD,eAAe,EAAS,2BAA2B;IACnD,aAAa,EAAW,0BAA0B;IAClD,YAAY,EAAY,yBAAyB;IACjD,oBAAoB,EAAI,kEAAkE;IAC1F,eAAe,EAAS,gDAAgD;IACxE,aAAa,EAAW,qCAAqC;IAC7D,mBAAmB,EAAK,0DAA0D;IAC1D,gEAAgE;IACxF,eAAe,EAAS,oEAAoE;IACpE,6DAA6D;IACrF,cAAc,EAAU,kCAAkC;IAC1D,oBAAoB,EAAI,mCAAmC;IAC3D,YAAY,EAAY,kCAAkC;CAC3D,CAAC,CAAC;AAiBH,MAAM,CAAC,MAAM,mBAAmB,GAAmB;IACjD,iFAAiF;IACjF;QACE,OAAO,EAAE,4HAA4H;QACrI,MAAM,EAAE,qFAAqF;QAC7F,UAAU,EAAE,MAAM;KACnB;IAED,gFAAgF;IAChF;QACE,OAAO,EAAE,wGAAwG;QACjH,MAAM,EAAE,6DAA6D;QACrE,UAAU,EAAE,MAAM;KACnB;IAED,8DAA8D;IAC9D;QACE,OAAO,EAAE,2GAA2G;QACpH,MAAM,EAAE,iGAAiG;QACzG,UAAU,EAAE,MAAM;KACnB;IACD;QACE,OAAO,EAAE,+CAA+C;QACxD,MAAM,EAAE,4EAA4E;QACpF,UAAU,EAAE,MAAM;KACnB;IACD;QACE,OAAO,EAAE,sFAAsF;QAC/F,MAAM,EAAE,mEAAmE;QAC3E,UAAU,EAAE,QAAQ;KACrB;IAED,gFAAgF;IAChF;QACE,OAAO,EAAE,0KAA0K;QACnL,MAAM,EAAE,oEAAoE,GAAG,eAAe;QAC9F,UAAU,EAAE,MAAM;KACnB;IAED,uEAAuE;IACvE;QACE,OAAO,EAAE,4MAA4M;QACrN,MAAM,EAAE,6EAA6E;QACrF,UAAU,EAAE,MAAM;KACnB;IAED,uCAAuC;IACvC;QACE,OAAO,EAAE,8GAA8G;QACvH,MAAM,EAAE,oFAAoF;QAC5F,UAAU,EAAE,QAAQ;KACrB;IAED,mEAAmE;IACnE;QACE,OAAO,EAAE,kEAAkE;QAC3E,MAAM,EAAE,0FAA0F;QAClG,UAAU,EAAE,MAAM;KACnB;IAED,oFAAoF;IACpF;QACE,OAAO,EAAE,uIAAuI;QAChJ,MAAM,EAAE,yFAAyF;QACjG,UAAU,EAAE,QAAQ;KACrB;IAED,0EAA0E;IAC1E;QACE,OAAO,EAAE,6JAA6J;QACtK,MAAM,EAAE,uDAAuD;QAC/D,UAAU,EAAE,MAAM;KACnB;IAED,kEAAkE;IAClE;QACE,OAAO,EAAE,iLAAiL;QAC1L,MAAM,EAAE,mFAAmF;QAC3F,UAAU,EAAE,KAAK;KAClB;IAED,8EAA8E;IAC9E;QACE,OAAO,EAAE,gNAAgN;QACzN,MAAM,EAAE,iGAAiG;QACzG,UAAU,EAAE,QAAQ;KACrB;IAED,sEAAsE;IACtE;QACE,OAAO,EAAE,+GAA+G;QACxH,MAAM,EAAE,kGAAkG;QAC1G,UAAU,EAAE,KAAK;KAClB;CACF,CAAC;AAEF,gFAAgF;AAChF,8BAA8B;AAC9B,sDAAsD;AACtD,2EAA2E;AAC3E,yDAAyD;AACzD,yEAAyE;AACzE,gFAAgF;AAChF,MAAM,CAAC,MAAM,mBAAmB,GAAgC,IAAI,GAAG,CAAC;IACtE,qDAAqD;IACrD,CAAC,gBAAgB,EAAS,8BAA8B,CAAC;IACzD,CAAC,UAAU,EAAe,wBAAwB,CAAC;IACnD,CAAC,eAAe,EAAU,6BAA6B,CAAC;IACxD,CAAC,aAAa,EAAY,2BAA2B,CAAC;IACtD,CAAC,QAAQ,EAAiB,sBAAsB,CAAC;IACjD,CAAC,SAAS,EAAgB,uBAAuB,CAAC;IAClD,CAAC,SAAS,EAAgB,uBAAuB,CAAC;IAClD,CAAC,MAAM,EAAmB,+CAA+C,CAAC;IAC1E,CAAC,UAAU,EAAe,wBAAwB,CAAC;IACnD,CAAC,MAAM,EAAmB,oBAAoB,CAAC;IAC/C,CAAC,IAAI,EAAqB,kBAAkB,CAAC;IAC7C,CAAC,SAAS,EAAgB,uBAAuB,CAAC;IAClD,CAAC,iBAAiB,EAAQ,gDAAgD,CAAC;IAE3E,mDAAmD;IACnD,CAAC,mCAAmC,EAAE,gDAAgD,CAAC;IACvF,CAAC,mCAAmC,EAAE,gDAAgD,CAAC;IACvF,CAAC,mCAAmC,EAAE,gDAAgD,CAAC;IACvF,CAAC,mCAAmC,EAAE,gDAAgD,CAAC;IACvF,CAAC,mBAAmB,EAAkB,mEAAmE,CAAC;IAC1G,CAAC,4BAA4B,EAAS,0CAA0C,CAAC;IACjF,CAAC,uBAAuB,EAAc,qCAAqC,CAAC;IAC5E,CAAC,kBAAkB,EAAmB,gCAAgC,CAAC;IAEvE,sCAAsC;IACtC,CAAC,eAAe,EAAU,gBAAgB,CAAC;IAC3C,CAAC,eAAe,EAAU,gBAAgB,CAAC;IAC3C,CAAC,gBAAgB,EAAS,uBAAuB,CAAC;IAClD,CAAC,aAAa,EAAY,6BAA6B,CAAC;IACxD,CAAC,aAAa,EAAY,cAAc,CAAC;IACzC,CAAC,YAAY,EAAa,aAAa,CAAC;IAExC,oCAAoC;IACpC,CAAC,aAAa,EAAY,YAAY,CAAC;IACvC,CAAC,eAAe,EAAU,oBAAoB,CAAC;IAC/C,CAAC,mBAAmB,EAAM,sBAAsB,CAAC;IACjD,CAAC,iBAAiB,EAAQ,yBAAyB,CAAC;IACpD,CAAC,WAAW,EAAc,+BAA+B,CAAC;IAC1D,CAAC,aAAa,EAAY,8CAA8C,CAAC;IACzE,CAAC,mBAAmB,EAAM,kCAAkC,CAAC;IAC7D,CAAC,oBAAoB,EAAK,gBAAgB,CAAC;IAC3C,CAAC,iBAAiB,EAAQ,2BAA2B,CAAC;IACtD,CAAC,aAAa,EAAY,QAAQ,CAAC;IACnC,CAAC,aAAa,EAAY,QAAQ,CAAC;IACnC,CAAC,aAAa,EAAY,4BAA4B,CAAC;IACvD,CAAC,eAAe,EAAU,wBAAwB,CAAC;IACnD,CAAC,kBAAkB,EAAO,4CAA4C,CAAC;IACvE,CAAC,sBAAsB,EAAG,qBAAqB,CAAC;IAEhD,sCAAsC;IACtC,CAAC,aAAa,EAAI,6CAA6C,CAAC;IAChE,CAAC,WAAW,EAAM,2CAA2C,CAAC;IAC9D,CAAC,SAAS,EAAQ,yCAAyC,CAAC;IAC5D,CAAC,WAAW,EAAM,2CAA2C,CAAC;IAC9D,CAAC,SAAS,EAAQ,yCAAyC,CAAC;IAC5D,CAAC,aAAa,EAAI,gEAAgE,CAAC;IACnF,CAAC,aAAa,EAAI,6CAA6C,CAAC;IAChE,CAAC,aAAa,EAAI,6CAA6C,CAAC;IAChE,CAAC,WAAW,EAAM,2CAA2C,CAAC;IAC9D,CAAC,UAAU,EAAO,0CAA0C,CAAC;CAC9D,CAAC,CAAC;AAcH;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAAC,WAAmB;IACtD,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAE9C,yBAAyB;IACzB,IAAI,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QAClC,OAAO;YACL,OAAO,EAAE,IAAI;YACb,UAAU,EAAE,MAAM;YAClB,MAAM,EAAE,IAAI,WAAW,8JAA8J;YACrL,oBAAoB,EAAE,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC;YACnD,MAAM,EAAE,qBAAqB;SAC9B,CAAC;IACJ,CAAC;IAED,+BAA+B;IAC/B,IAAI,yBAAyB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC1C,OAAO;YACL,OAAO,EAAE,IAAI;YACb,UAAU,EAAE,MAAM;YAClB,MAAM,EAAE,IAAI,WAAW,0FAA0F;YACjH,oBAAoB,EAAE,GAAG;YACzB,MAAM,EAAE,0BAA0B;SACnC,CAAC;IACJ,CAAC;IAED,gDAAgD;IAChD,IAAI,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QAClC,OAAO;YACL,OAAO,EAAE,IAAI;YACb,UAAU,EAAE,MAAM;YAClB,MAAM,EAAE,IAAI,WAAW,6EAA6E;YACpG,oBAAoB,EAAE,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC;YACnD,MAAM,EAAE,iBAAiB;SAC1B,CAAC;IACJ,CAAC;IAED,sBAAsB;IACtB,KAAK,MAAM,KAAK,IAAI,mBAAmB,EAAE,CAAC;QACxC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,MAAM,EAAE,oBAAoB;aAC7B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,UAAU,EAAE,MAAM;QAClB,MAAM,EAAE,IAAI,WAAW,oDAAoD;QAC3E,MAAM,EAAE,OAAO;KAChB,CAAC;AACJ,CAAC;AASD;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,YAAsB;IACpD,OAAO,YAAY;SAChB,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,GAAG,oBAAoB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;SACtD,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;IAC5C,wBAAwB,EAAE,yBAAyB,CAAC,IAAI;IACxD,sBAAsB,EAAE,mBAAmB,CAAC,IAAI;IAChD,kBAAkB,EAAE,mBAAmB,CAAC,MAAM;IAC9C,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,wBAAwB,GAAG,IAAI,CAAC,sBAAsB,CAAC;IAC/F,CAAC;IACD,WAAW,EAAE,YAAY;IACzB,cAAc,EAAE;QACd,2CAA2C;QAC3C,+DAA+D;QAC/D,2DAA2D;QAC3D,qEAAqE;QACrE,+CAA+C;QAC/C,yEAAyE;QACzE,qDAAqD;QACrD,wCAAwC;KACzC;CACO,CAAC"}

package/dist/tools/MCP Usage Takeaways.guard.d.ts

@@ -0,0 +1,4 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerGuardTool(server: McpServer): void;
+export declare const guardTool: typeof registerGuardTool;
+//# sourceMappingURL=MCP%20Usage%20Takeaways.guard.d.ts.map

package/dist/tools/MCP Usage Takeaways.guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MCP Usage Takeaways.guard.d.ts","sourceRoot":"","sources":["../../src/tools/MCP Usage Takeaways.guard.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAiJpE,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CA6SzD;AAuBD,eAAO,MAAM,SAAS,0BAAoB,CAAC"}