I haven't thought this through at all but are you aware of any package repositories that do something like levenshtein distance between package names maybe combined with a heuristic on common mistyped characters to not allow typosquatting?
They also have the concept of verified publishers[2], which is pretty neat (similar to Maven Central), and keep track of a score for each package (e.g. https://pub.dev/packages/darq/score) including up-to-date dependencies and result of static analysis.
brabel|4 years ago
They also have the concept of verified publishers[2], which is pretty neat (similar to Maven Central), and keep track of a score for each package (e.g. https://pub.dev/packages/darq/score) including up-to-date dependencies and result of static analysis.
Dart is doing a lot of things right.
[1] https://pub.dev/
[2] https://dart.dev/tools/pub/publishing#verified-publisher
Buttons840|4 years ago
Something like: you said "times", did you mean the older and more popular package "time"?