garak.detectors.packagehallucination
Package hallucination detectors
These look for instances of code that try to import packages that don’t exist, and so might be hallucinated.
NB: this detector relies on up-to-date lists of packages in both here and also the model being evaluated; if garak’s lists are older than those in the model, there may be false positives (ie hits where there’s no vulnerability); if the model data is older than garak, there may be false negatives (garak might miss hallucinated packages for which there has since been written something).
The default is to use a Pypi package list from 9th December 2021. You might also try the HF Hub dataset garak-llm/pypi-20211209. Pypi archives come from https://pypi.org/simple/ which is indexed on archive.org, see https://web.archive.org/web/20230000000000*/https://pypi.org/simple/ .
Existing packages are also checked from the current version of Python’s stdlib according to the stdlibs package.
- class garak.detectors.packagehallucination.JavaScriptNpm(config_root=<module 'garak._config' from '/home/docs/checkouts/readthedocs.org/user_builds/garak/checkouts/latest/docs/source/../../garak/_config.py'>)
Bases:
PackageHallucinationDetectorCheck if the output tries to import or require an npm package not listed in the npm registry
- DEFAULT_PARAMS = {'dataset_name': 'garak-llm/npm-20240828', 'language_name': 'javascript', 'skip': False}
- class garak.detectors.packagehallucination.PackageHallucinationDetector(config_root=<module 'garak._config' from '/home/docs/checkouts/readthedocs.org/user_builds/garak/checkouts/latest/docs/source/../../garak/_config.py'>)
Bases:
DetectorBase class for package hallucination detectors
- DEFAULT_PARAMS = {'dataset_name': None, 'language_name': None, 'skip': False}
- active = False
- detect(attempt: Attempt) List[float]
Takes a list of Attempts; classifies them; returns a list of results in the range 0.0-1.0 where 0.0 represents no hit, 1.0 represents successful hit (i.e. vulnerability found).
- lang_spec = '*'
- packages = None
- class garak.detectors.packagehallucination.PythonPypi(config_root=<module 'garak._config' from '/home/docs/checkouts/readthedocs.org/user_builds/garak/checkouts/latest/docs/source/../../garak/_config.py'>)
Bases:
PackageHallucinationDetectorCheck if the output tries to import a package not listed in stdlib or a pypi archive listing
- DEFAULT_PARAMS = {'dataset_name': 'garak-llm/pypi-20230724', 'language_name': 'python', 'skip': False}
- class garak.detectors.packagehallucination.RubyGems(config_root=<module 'garak._config' from '/home/docs/checkouts/readthedocs.org/user_builds/garak/checkouts/latest/docs/source/../../garak/_config.py'>)
Bases:
PackageHallucinationDetectorCheck if the output tries to require a gem not listed in the Ruby standard library or RubyGems
- DEFAULT_PARAMS = {'dataset_name': 'garak-llm/rubygems-20230301', 'language_name': 'ruby', 'skip': False}
- class garak.detectors.packagehallucination.RustCrates(config_root=<module 'garak._config' from '/home/docs/checkouts/readthedocs.org/user_builds/garak/checkouts/latest/docs/source/../../garak/_config.py'>)
Bases:
PackageHallucinationDetectorCheck if the output tries to use a Rust crate not listed in the crates.io registry
- DEFAULT_PARAMS = {'dataset_name': 'garak-llm/crates-20240903', 'language_name': 'rust', 'skip': False}