Consider rejecting packages using repository link that is already verified to another user
Opened this issue · 5 comments
to stop people from forking without updating the git repository
Could this be used to lock people out from publishing using their repo, by repo-squatting them?
Assuming that the already published package needs to have a verified repository to block further packages (which is a strict check for cross-referencing both the package name and the repository location), this is not affected by repo-squatting.
Ah, I didn't get the part that it has to be verified. Updating title to clarify.
Could this give conflicts for monorepos that are shared between multiple users?
How do we define "another user"? Does the new package have to have exactly the same set of uploaders, or just an overlapping set?