An idea for typo squatting would be to compute the Levenshtein
distance with package names of the standard library and the top 100 most
popular PyPI packages, and require contacting a moderation team if the
name is too close to an existing package. The moderation team would
review the email, but also watch the package for 1 month to check
that everything seems fine.

It requires having a list of all package names of the standard
library, and maintaining an up-to-date list of popular PyPI package
names.

It also requires setting up a mailing list, and tooling to report the
error message to users, and then giving moderators the right to create
the package. I'm not sure that it's easy to implement.

Victor
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
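The name check sketched in the message above, as an added example that is not part of the original post: names are normalised as PEP 503 does, compared by Levenshtein distance against the standard library's module names (`sys.stdlib_module_names`, Python 3.10+) and a constructed, shortened stand-in for the popular-package list, and any candidate within an assumed threshold of 2 edits is flagged for moderation.

```python
"""Flag a proposed PyPI name that is too close to a known package name."""
import re
import sys

# Constructed, shortened stand-in for the "top 100 PyPI packages" list;
# a real deployment would refresh this list regularly.
POPULAR_PYPI = ["requests", "numpy", "urllib3", "six", "setuptools",
                "python-dateutil", "pyyaml", "cryptography"]


def normalize(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert / delete / substitute) with a two-row DP table."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def known_names() -> set:
    """Stdlib module names (Python 3.10+; empty on older versions) plus popular packages."""
    stdlib = getattr(sys, "stdlib_module_names", frozenset())
    return {normalize(n) for n in stdlib} | {normalize(n) for n in POPULAR_PYPI}


def too_close(candidate: str, known=None, max_distance: int = 2) -> list:
    """Return [(known_name, distance)] for every known name within max_distance
    of the candidate (an exact clash is distance 0), nearest first.
    An empty list means the name would not be sent to moderation.
    max_distance=2 is an assumption, not a value from the original post."""
    known = known_names() if known is None else known
    cand = normalize(candidate)
    hits = []
    for k in known:
        d = levenshtein(cand, k)
        if d <= max_distance:
            hits.append((k, d))
    return sorted(hits, key=lambda h: (h[1], h[0]))
```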