
For the love of God, use verifiable package namespaces already.

With package namespaces, you can call your package anything you like that sounds like you're the real thing - lodash-2, lodash-the-one-and-only, lodash-mccloud-of-the-clan-mccloud, go nuts.

But for as long as you don't control lodash.com, then you can't publish your package under the com.lodash namespace, so it's obvious you're not the actual Lodash team.

Baffles me no end. I have no idea why PyPI and Cargo and probably so many others don't do this either; it removes an entire class of supply chain risk, and also prevents people creating dumb packages just to squat on the "good" package names.
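The policy the comment describes, as a registry-side check (an added illustration, not code from any real registry; the `_pkg-verify` TXT record name, the `PublishRequest` shape and the sample DNS data are constructed assumptions): a publisher may publish under `com.lodash`, with any package name they like, only if they have proved control of `lodash.com` or one of its parent domains.

```python
"""Verifiable reverse-DNS package namespaces: registry-side authorization.

Added example. The record format ("_pkg-verify.<domain>" TXT "publisher=<account>"),
the request shape and the sample DNS data are constructed for illustration and
are not a real registry's API or standard.
"""
import re
from dataclasses import dataclass
from typing import Mapping, Optional, Sequence, Tuple

# One DNS label: lowercase alphanumerics and hyphens, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")
# Package names inside a namespace may be anything reasonable; the namespace
# carries the trust, so "lodash-the-one-and-only" is fine here.
PACKAGE_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{0,127}$")
VERIFY_PREFIX = "_pkg-verify."  # constructed record name (assumption)

# Constructed stand-in for DNS TXT lookups: record name -> TXT strings.
SAMPLE_DNS: Mapping[str, Sequence[str]] = {
    "_pkg-verify.lodash.com": ["publisher=lodash-team"],
    "_pkg-verify.example.org": ["v=1", "publisher=some-other-account"],
}


@dataclass(frozen=True)
class PublishRequest:
    namespace: str  # reverse-DNS namespace, e.g. "com.lodash"
    name: str       # package name within that namespace
    publisher: str  # registry account attempting the publish


def namespace_to_domain(namespace: str) -> Optional[str]:
    """Map 'com.lodash' -> 'lodash.com'; return None for a malformed namespace."""
    labels = namespace.lower().split(".")
    if len(labels) < 2 or not all(LABEL_RE.match(label) for label in labels):
        return None
    return ".".join(reversed(labels))


def controlling_publishers(domain: str,
                           dns_txt: Mapping[str, Sequence[str]]) -> set:
    """Accounts that the domain owner has named in the verification TXT record."""
    owners = set()
    for txt in dns_txt.get(VERIFY_PREFIX + domain, ()):
        if txt.startswith("publisher="):
            owners.add(txt[len("publisher="):])
    return owners


def authorize_publish(req: PublishRequest,
                      dns_txt: Mapping[str, Sequence[str]]) -> Tuple[bool, str]:
    """Allow the publish only if the publisher proved control of the namespace's
    domain or a parent domain (so control of lodash.com also covers com.lodash.tools).

    Caveat: a production registry would stop the parent walk at the public
    suffix (e.g. never accept a proof for 'co.uk'); this toy walk stops at two labels.
    """
    domain = namespace_to_domain(req.namespace)
    if domain is None:
        return False, f"malformed namespace {req.namespace!r}"
    if not PACKAGE_NAME_RE.match(req.name):
        return False, f"malformed package name {req.name!r}"
    labels = domain.split(".")
    for i in range(len(labels) - 1):  # domain itself, then each parent with >= 2 labels
        candidate = ".".join(labels[i:])
        if req.publisher in controlling_publishers(candidate, dns_txt):
            return True, f"{req.publisher} proved control of {candidate}"
    return False, f"{req.publisher} has not proved control of {domain} or a parent domain"


if __name__ == "__main__":
    for request in (
        PublishRequest("com.lodash", "lodash", "lodash-team"),
        PublishRequest("com.lodash", "lodash-the-one-and-only", "some-other-account"),
        PublishRequest("com.lodash.tools", "cli", "lodash-team"),
        PublishRequest("org.example", "lodash", "some-other-account"),
    ):
        print(request.namespace, request.name, authorize_publish(request, SAMPLE_DNS))
```

Note the last sample request: the other account can publish a package called `lodash` under `org.example`, which is exactly the point of the scheme. The name is free, but the namespace makes it obvious the package is not from whoever controls `lodash.com`.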


