Re: flat namespace is type squatting friendly.
"NPM might also require a two or three character distance difference between any new account and any existing one."
I'd think that would the best option as a first choice, primarily because it will also preclude accidental typos from happing in many cases, let alone malicious one. Something that should be fairly easy to block programmatically, at least for new names. There will be cases of people wanting a very similar name, but that should be limited, in the first instance, to those people who already own the original name. Of course, enforcing this properly will also require more humans to check and arbitrate for genuine name clashes and that costs money so it either won't happen or it will be entirely automated leading to disastrous "unforeseen" consequences.
Biting the hand that feeds IT
