Library Hallucinations in LLMs: Risk Analysis Grounded in Developer Queries
Lukas Twist, Jie M. Zhang, Mark Harman, Helen Yannakoudakis
TL;DR
This study investigates how developer-like prompts influence library name and library member hallucinations in LLM-generated Python code. It employs a three-experiment pipeline across seven production LLMs using BigCodeBench-derived tasks to quantify effects from time-based prompts, realistic language, and user mistakes, as well as four prompt-engineering mitigations. Key findings show that year-based prompts and minor prompt errors can trigger substantial hallucinations (up to 84% THR for some prompts and up to 99% usage for fake libraries), while adjective-based prompts have little effect; mitigation via prompt engineering is inconsistent and model-dependent. The work delivers practical defenses, introduces LibraryHalluBench for reproducible research, and highlights the need for prompt-only safeguards to counter typosquatting and slopsquatting risks in real-world software development.
Abstract
Large language models (LLMs) are increasingly used to generate code, yet they continue to hallucinate, often inventing non-existent libraries. Such library hallucinations are not just benign errors: they can mislead developers, break builds, and expose systems to supply chain threats such as slopsquatting. Despite increasing awareness of these risks, little is known about how real-world prompt variations affect hallucination rates. Therefore, we present the first systematic study of how user-level prompt variations impact library hallucinations in LLM-generated code. We evaluate seven diverse LLMs across two hallucination types: library name hallucinations (invalid imports) and library member hallucinations (invalid calls from valid libraries). We investigate how realistic user language extracted from developer forums and how user errors of varying degrees (one- or multi-character misspellings and completely fake names/members) affect LLM hallucination rates. Our findings reveal systemic vulnerabilities: one-character misspellings in library names trigger hallucinations in up to 26% of tasks, fake library names are accepted in up to 99% of tasks, and time-related prompts lead to hallucinations in up to 84% of tasks. Prompt engineering shows promise for mitigating hallucinations, but remains inconsistent and LLM-dependent. Our results underscore the fragility of LLMs to natural prompt variation and highlight the urgent need for safeguards against library-related hallucinations and their potential exploitation.