# Your AI Keeps Importing Packages That Don't Exist. We Got Tired of It Too.

> AI assistants hallucinate imports that don't exist, and attackers now register those names with malware. Here's how to catch them before they merge.

There's a thread making the rounds where someone vents that their AI assistant "keeps adding random imports to my code that don't exist." The replies are the best part. One person's coding agent invented a module, got called out, and then argued back that the module was real. Another found a mystery package named something like `TrjnHrs.Pkg` quietly added to their project. Somebody else realized a non-existent module was the reason a coworker's AI-rewritten service had been silently broken for a day.

We laughed. Then we stopped laughing, because this had been driving us crazy too.

## Why models invent imports

Large language models are pattern-matchers, not compilers. When a model writes `import` followed by a plausible name, it isn't checking whether that package exists. It's predicting what a confident programmer would probably type next. Most of the time the prediction lands. Sometimes it confidently reaches for `requests_async`, `react-use-debounce-hook`, or some tidy-sounding utility that was never published by anyone.

The model has no ground truth. It has vibes. And vibes are very good at producing names that look exactly like real packages.

## The part that should actually scare you

A hallucinated import isn't just a broken build. It's an attack surface.

Researchers have a name for it now: slopsquatting. Attackers watch which fake package names AI tools tend to hallucinate, then register those names on the public registries with malware inside. Your assistant invents `trjnhrs-pkg`. Someone has already published `trjnhrs-pkg`. Your install command resolves cleanly. Now you're running their code. The import that "didn't exist" yesterday exists today, on purpose, and it's hostile.

This is the genuinely dangerous failure mode. A typo you catch in five seconds. A plausible package name that silently resolves to someone's payload is the kind of thing you don't catch until it's in production.

## Why "just tell it not to" doesn't work

The thread is full of the usual advice. Write better prompts. Tell it not to make mistakes. Set warnings as errors. Get a checker.

The first two are wishful thinking. You can't prompt a probabilistic system into being deterministic about facts it doesn't have. The last two are closer, but a generic linter flags the symptom (an unresolved import) without understanding the cause. Was the dependency simply never added to the manifest? Is it an internal module the linter can't see? Or does this package genuinely not exist anywhere on Earth? Those three cases look identical to a dumb checker and need completely different responses. (It's the same reason [self-review doesn't catch an AI's plausible-looking mistakes](https://www.surmado.com/blog/why-vibe-coders-need-an-automated-code-reviewer/): the thing that wrote the code can't be the only thing that checks it.)

That's the gap [Surmado Code Review](https://www.surmado.com/review/) was built to close.

## How we actually catch it: deterministic checks plus judgment

The fix isn't a smarter model. It's not asking the model the factual question in the first place.

Deterministic checks do the knowing. On every pull request, Surmado Code Review resolves each import in the diff against ground truth: your lockfile, your manifest, your installed modules, the standard library, your internal packages. This step doesn't guess. A package either resolves or it doesn't. If `super-fast-parser` shows up in the diff and resolves to nothing in your dependency graph and nothing on the registry, that's a fact, not an opinion. No hallucination is possible here, because nothing is being generated. It's a lookup.

Scout does the judging. Once the facts are in hand, the model does what models are genuinely good at: triage and explanation. It tells the difference between "you forgot to add this to package.json" and "this module does not exist, and the closest real one is named differently." It dedupes. It points you at the import you almost certainly meant. And it escalates the scary case: this name resolves to a package published three days ago that nothing else in your ecosystem references. That's the slopsquatting smell, and it's exactly the judgment call a plain linter can't make.

Neither half works alone. Deterministic checks without judgment are noisy and can't explain themselves. A model without deterministic grounding is just another thing that hallucinates imports, now reviewing your hallucinated imports. Put them together and you get what everyone in that thread actually wanted: certainty about what's real, plus judgment about what to do.

## Where it runs

Surmado Code Review comments on your pull requests. It checks the diff against your team's STANDARDS.MD and flags invented imports before they merge, not after they've quietly broken a teammate's branch or pulled in a package nobody vetted. One comment per PR, anchored to your rules, edited in place when you push a fix. It's the layer between "the AI wrote it" and "it's in main."

## Get it free

We built this because the imports-that-don't-exist problem was wasting our own time, and the supply-chain version of it genuinely scared us. We run it on our own repos now; [here's how we built it](https://www.surmado.com/blog/how-we-vibe-coded-an-ai-code-review-tool/). So we're not putting it behind a wall.

Surmado Code Review is free for 10 PRs a month. Connect it to a GitHub repo, write a STANDARDS.MD (Scout helps you draft one from a conversation, like explaining your codebase to a new teammate), and it starts catching hallucinated imports on your next PR. Past that, it's $15 a month for 100 PRs. No per-seat pricing. Zero data retention.

Your AI is going to keep making up imports. You don't have to keep merging them.

[Try Surmado Code Review free](https://www.surmado.com/review/)

---

**Related Reading:**

- [How a Google Engineer Uses Surmado to Keep Gemini Honest](https://www.surmado.com/blog/how-a-google-engineer-uses-surmado-to-keep-gemini-honest/)
- [The 5 Best CodeRabbit Alternatives in 2026](https://www.surmado.com/blog/best-coderabbit-alternatives-2026/)
- [Code Review Isn't Just for Engineers Anymore](https://www.surmado.com/blog/code-review-isnt-just-for-engineers-anymore/)
- [Compare all code review tools](https://www.surmado.com/compare/)