composer / packagist

Package Repository Website - try https://packagist.com if you need your own -

Home Page:https://packagist.org/


Namespace reuse policy for removed malicious packages

shelbyc opened this issue · comments

Hi there 👋,

What is Packagist's policy for allowing reuse of names of packages that were removed due to malicious content? The package symfont/process* has been removed from Packagist. Would it be possible for someone to register the name symfont/process again in the future, or are there measures in place to prevent others from reusing this name?

Thanks!

*https://www.kernelmode.blog/typosquatting-malware-found-in-composer-repository/

We have some measures in place now for typosquatting monitoring, which I believe would prevent similar attacks or at least allow us to discover them quickly enough.

@Seldaek Thank you for responding! I wasn't clear enough in my initial question, and a better wording would be:

After a particular package is removed for being malicious, could someone later request or re-register the same name to host a legitimate, non-malicious package?

Yes, generally, but this particular vendor we would probably block anyway, legitimate-looking or not.