LintMyAI

no-hallucinated-packages

FreeHallucinated Imports

Disallow imports of packages not found in node_modules, package.json, or npm registry cache

no-hallucinated-packages

Disallow imports of packages not found in node_modules, package.json, or npm registry cache

Category: Hallucinated Imports | Tier: Free

Why This Matters

AI assistants sometimes invent package names that sound plausible but do not exist on npm. Installing a hallucinated package fails your build, and in the worst case you could install a malicious typosquat package that an attacker published under that name.

Bad Code

// AI invented a package that doesn't exist on npm
import { validate } from 'express-validator-pro';
import { hash } from 'bcrypt-fast';

Good Code

// Use real, published packages
import { body } from 'express-validator';
import { hash } from 'bcrypt';

Configuration

This rule has no configuration options. It is enabled by default in lintmyai:recommended.