Reply to post: Re: flat namespace is type squatting friendly.

Typo-squatting NPM software supply chain attack uncovered

John Brown (no body) Silver badge

Re: flat namespace is type squatting friendly.

"NPM might also require a two or three character distance difference between any new account and any existing one."

I'd think that would the best option as a first choice, primarily because it will also preclude accidental typos from happing in many cases, let alone malicious one. Something that should be fairly easy to block programmatically, at least for new names. There will be cases of people wanting a very similar name, but that should be limited, in the first instance, to those people who already own the original name. Of course, enforcing this properly will also require more humans to check and arbitrate for genuine name clashes and that costs money so it either won't happen or it will be entirely automated leading to disastrous "unforeseen" consequences.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon