From 66553bfef3701b07082a443464a33a966955ace6 Mon Sep 17 00:00:00 2001
From: Brenn
Date: Sun, 29 Mar 2026 18:51:21 +0200
Subject: [PATCH] =?UTF-8?q?Add=20sloppy-joe=20=E2=80=94=20multi-ecosystem?=
 =?UTF-8?q?=20dependency=20supply=20chain=20security?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 data/tools/sloppy-joe.yml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 data/tools/sloppy-joe.yml

diff --git a/data/tools/sloppy-joe.yml b/data/tools/sloppy-joe.yml
new file mode 100644
index 000000000..dfc03271c
--- /dev/null
+++ b/data/tools/sloppy-joe.yml
@@ -0,0 +1,25 @@
+name: sloppy-joe
+categories:
+ - linter
+tags:
+ - security
+ - package
+ - rust
+ - python
+ - javascript
+ - go
+ - ruby
+ - php
+ - java
+ - csharp
+license: Apache-2.0
+types:
+ - cli
+source: 'https://github.com/brennhill/sloppy-joe'
+homepage: 'https://github.com/brennhill/sloppy-joe'
+description: >-
+ Detect hallucinated, typosquatted, and non-canonical dependencies before they reach production.
+ Uses 11 mutation generators for typosquatting detection across 8 package ecosystems
+ (npm, PyPI, Cargo, Go, RubyGems, Packagist, Maven/Gradle, NuGet).
+ Catches AI-hallucinated packages, verifies dependency existence against live registries,
+ and checks OSV for known vulnerabilities. Designed as a supply chain security gate for CI pipelines.
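Review bot: The `description` block says the tool "verifies dependency existence against live registries" and "checks OSV" but does not state the operational consequence for a CI gate, which is that every scan makes outbound network calls to package registries and the OSV service; a catalog reader choosing a supply chain gate for a restricted or offline pipeline needs that stated up front. A one-sentence addition such as `Registry existence checks and OSV lookups require outbound network access at scan time.` would close that gap. The fixed counts ("11 mutation generators", "8 package ecosystems") are release-specific and will drift from the upstream project; the ecosystem list already conveys the coverage, so the numbers could be dropped to keep the entry stable across versions. The tool's claims about AI-hallucinated package detection cannot be checked from this entry alone and are presumably taken from the project's own README.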