
Npm: New Package Moniker Rules - grajaganDev
http://blog.npmjs.org/post/168978377570/new-package-moniker-rules
======
krapp
>If you are publishing a new package—that is, a package that has not been in
the registry before—we remove punctuation from its name and compare it to
existing package names. If the names are identical without punctuation, we do
not allow the package to be created.

Simply checking the name without punctuation seems too simple. What about a
similarity check? Hamming distance? Is there something like metaphone for
_visual_ similarity between words?

Also, good on them for suggesting using namespaces, but since that apparently
exists and they're admitting that it helps disambiguate packages, _why not
just make it mandatory?_
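
The punctuation rule quoted above, combined with a similarity check of the kind this comment asks about, as an added example that is not part of the original thread and is not npm's code. Assumptions: "punctuation" means `-`, `_` and `.` (the quoted rule does not list the characters), Levenshtein edit distance stands in for the Hamming distance mentioned (Hamming only compares equal-length strings), and the function names, threshold and sample registry are constructed for illustration.

```javascript
// Added example, not npm's implementation.
// Assumption: the punctuation stripped is '-', '_' and '.'.
const PUNCTUATION = /[-_.]/g;

function normalize(name) {
  return name.replace(PUNCTUATION, '');
}

// Two-row Levenshtein edit distance (insert, delete, substitute each cost 1).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// verdict 'reject': identical to an existing name once punctuation is removed
//                   (the rule quoted from the post).
// verdict 'review': not identical, but within maxDistance edits of an existing
//                   name (the similarity check suggested in the comment).
function checkNewName(candidate, existingNames, maxDistance = 1) {
  const norm = normalize(candidate);
  const collisions = existingNames.filter((n) => normalize(n) === norm);
  if (collisions.length > 0) return { verdict: 'reject', conflicts: collisions };
  const near = existingNames.filter(
    (n) => editDistance(normalize(n), norm) <= maxDistance
  );
  if (near.length > 0) return { verdict: 'review', conflicts: near };
  return { verdict: 'ok', conflicts: [] };
}

// Constructed sample registry contents and candidate names.
const registry = ['react-native', 'lodash', 'cross-env'];
for (const name of ['reactnative', 'react_native', 'crossenv', 'lodashs', 'left-pad']) {
  console.log(name, JSON.stringify(checkNewName(name, registry)));
}
```

A fixed edit-distance threshold flags many legitimate short names, so the `review` verdict is better suited to a warning than to a hard block.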

------
ro-laren
I think what could make the npm ecosystem more trustworthy is if there was a
system to “verify” packages similar to how Twitter verified accounts.
Essentially a package like “react-native” would have a symbol indicating that
the npm corporation verified it was owned by Facebook. Perhaps the CLI could
then also warn you when you install an unverified package.

