Absolutely wild attack vector I never would have thought of. It's almost as if it is targeted at "vibe-coding".

AI-hallucinated code dependencies become new supply chain risk
A new class of supply chain attacks named ‘slopsquatting’ has emerged from the increased use of generative AI tools for coding and the model’s tendency to “hallucinate” non-existent package names.
BleepingComputerBill Toulas