Slopsquatting: The New Supply Chain Attack Targeting AI-First Developers
javascript
dev.to
Originally published on NextFuture

The Invisible Threat in Your Terminal

Imagine this: You’re deep in a "vibe coding" session with Claude Code or Cursor. You ask the agent to "implement a complex state transition with flicker-free rendering in Next.js." The AI, being helpful and confident, suggests installing a specialized utility: npm install next-flicker-zero. You approve the command without a second thought. Five minutes later, your environment variables are being exfiltrated to