GhostPkg
catch hallucinated npm packages before they waste your afternoon
Get Pro →Ever run into this?
AI coding assistants confidently invent npm package names that don't exist on the registry. You copy the generated code, run npm install, and spend an hour chasing a 404 or a subtly wrong package name. There is no fast way to audit all imports before you commit.
The fix
GhostPkg scans your JS/TS files, extracts every bare import specifier, and hits the npm registry in parallel to flag phantom packages instantly with fuzzy 'did you mean?' suggestions.
What it does
- glob-scans all JS/TS/JSX/TSX files and extracts static import and require specifiers
- parallel npm registry checks with inline Levenshtein fuzzy match for close-but-wrong names
- exit code 1 on any ghost so it drops straight into CI pipelines and pre-commit hooks