Rising from the Dead: Zombie Dependencies

Published on April 15, 2025

Overview of slopsquatting lifecycle

Rising from the Dead: Zombie Dependencies

Recently, there has been a surge of discussion in the press about “slopsquatting”. While slopsquatting poses serious risks to supply chain security, at Ossprey we believe that there is a bigger threat already impacting organisations and not being addressed – the rise of zombie dependencies.

What is Slopsquatting?

Slopsquatting, a term developed by Seth Larson, a Security Developer-in-Residence at the Python Software Foundation, is when AI tooling hallucinates and suggests open source dependencies that don’t exist. This creates a new opportunity for attackers: they can anticipate which packages AI tools are likely to recommend, then publish malicious under those names, resulting in poisoned packages that developers might unwittingly use.

Overview of slopsquatting lifecycle

Typically, including a non-existent package results in an error, which alerts the developer to remove it. This means that slopsquatting only becomes a threat after the malicious package has been created and made available.

Enter Zombie Dependencies

Slopsquatting has rightfully raised alarms in the security community, but it’s only part of a broader, growing challenge introduced by AI-assisted development.

Now, another lurking threat is clawing its way to the surface: Zombie Dependencies

A zombie holding a physical package

Zombie Dependencies occur when an AI recommends dormant or poorly maintained packages that do exist.

If developers don’t carefully validate these suggestions, they may install and run insecure packages without realizing the risk they’ve introduced. If these get compromised all previous and future users are impacted.

A Real World Example: NestJS

NestJS is a popular JavaScript framework designed for building scalable and maintainable server-side applications. Styled similarly to Angular, it has gained significant traction in the developer community, boasting over 70,000 stars on GitHub.

When developers ask ChatGPT for help with NestJS, it often recommends both legitimate and unrelated packages.

For example, AI might recommend these legitimate packages:

@nestjs/mapped-types (https://www.npmjs.com/package/@nestjs/mapped-types) 
@nestjs/terminus

But it frequently also recommends this zombie package:

Nestjs (https://www.npmjs.com/package/nestjs)

This zombie package has no organization prefix and is not affiliated with the official NestJS ecosystem.

The difference is subtle but could be costly.

This @nestjs package:

  • Was created 9 years ago
  • Contains no code or dependencies, it’s completely empty
  • Is maintained by a single individual

Until recently, the package was dormant and largely ignored, this is the textbook definition of a zombie dependency. But since ChatGPT began recommending it, it’s now being downloaded over 10,000 times per week and has been nested as a dependency in several other packages.

An Important Caveat

Currently, the NestJS Zombie Dependency is not a considered a malicious package, so if you are using it, you are not at immediate risk.

To be clear, the maintainer has done nothing wrong. He is an upstanding member of the engineering community who worked on this package years ago and then moved onto other projects. He is not someone who would use this access to impact people.

We only use nestjs as an example to illustrate how using zombie dependencies can put your organization at risk.

What if I have Zombie Dependencies?

The main risks around Zombie Dependencies are:

  1. They are rarely updated, which means:
    • They can contain unknown vulnerabilities and poor coding practices
    • They can contain known vulnerabilities that no one will ever fix as maintenance has long since been abandoned
  2. The maintainer’s accounts may not be properly protected (as they are not used regularly) resulting in the dependency being compromised.
    • We saw this happen with the Lottie Files compromise last year (Ossprey Blog)
  3. You have no visibility of who the maintainers are
    • If maintainers are added/removed without proper due diligence, then it is possible that a malicious actor could maliciously manipulate the package.
    • We have seen several attacks where this has happened in the past (e.g. tj-actions, XZ Utils compromise)

Take Aways

So, what can you do to make sure you are protected?

You should avoid using zombie dependencies as much as possible. To do this you should make sure your engineers:

  • Validate all dependencies, especially if they are recommended by AI
  • Validate your transitive dependencies, aka the dependencies with your dependencies

As AI code assistants and “vibe coding” continue to grow in popularity, both slopsquatting and zombie dependencies are poised to become more prevalent and more dangerous.

Engineers must stay vigilant, especially when accepting dependency recommendations from AI. Every package should be verified as valid, trustworthy, and actively maintained to safeguard the integrity of the software supply chain.

Ossprey can Help!

Ossprey actively hunts for and stops zombie dependencies like these from being included in your supply chain. We can warn you before you are impacted so you can make a risk based decision with the right data to do it.

If you want to make sure you are protected from packages like these being used in your supply chain, reach to us contact@ossprey.com and sign up to our waitlist to be one of the first to have access to beta release.

Bird taking notes