I was talking about this issue with a friend a while ago: If an LLM often hallucinates the same package name for a common problem, you could copy an existing library, adapt the API to fit the hallucination, use the same hallucinated name and finally include a backdoor.
"They found that 8.7% of hallucinated Python packages were actually valid npm (JavaScript) packages"
So those package names are not really hallucinated, since the packages actually exist?
I’m not sure if you know this, but Python and JavaScript are different languages. Their libraries are different ecosystems, so that’s definitely a hallucination.
Yes, but the names are not hallucinated
Them being Python is the hallucination - the names exist in its training data
it's two different languages