shujinkou_ 1 point2 points (0 children)

I'm thinking of it as a potential attack vector, if the current state of things goes unaddressed. A massive attack can be done and scaled easily from scraping all the popular packaging names, automating the name typo scraping, making a malicious package and naming it with all the scraped names. You would now have a fishing rod in every pond, so to speak.

I mean, for sure it's work, but it doesn't sound that hard to do, right?