When I npm publish my package I get:
403 Package name triggered spam detection
What is this? How do I not trigger spam detection? Where are the guidelines?
My package name is node-template-2018, but obviously it looks like I will have to rename this.
They are trying to block "typo-squatting" and new names that could be confused for existing packages. Since there is a "node-template" package, it makes sense that adding a dash and a year ("2017", "2018") would score high for getting blocked. I'd think node-template-18 would score pretty high too, but using any existing name with a dash and a recent year seems almost guaranteed to get blocked.
Here's a post from NPM about why they are blocking some names as spam: https://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry?_ga=2.194615085.1031845233.1547144890-1639781483.1547144890
According to that, they were using Smyte for spam detection. Smyte shut off their APIs 30 minutes after announcing their acquisition by Twitter (see NPM's reaction!), so maybe they're using something else now.
I don't see anything specific about how they determine what to block, but based on the comments above and my own experience, any existing package name combined with dashes and numbers seems to be suspect. Exactly what will trigger getting blocked isn't something they are likely to share (and is likely to change over time).
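A pre-publish check for the kind of name confusion the answers above describe, as an added example that is not part of the original posts and is not npm's actual detection logic (which is not public). The three rules, the `KNOWN_NAMES` sample list and all function names are assumptions made for illustration.

```javascript
// Hypothetical heuristics only; npm does not publish its real rules.
// KNOWN_NAMES is a constructed sample; a real check would query the registry.
const KNOWN_NAMES = ['node-template', 'cross-env', 'express'];

// Reduce a name to what a hurried reader perceives: lowercase, no scope, no separators.
function squash(name) {
  return name.toLowerCase().replace(/^@[^/]+\//, '').replace(/[-_.]/g, '');
}

// Drop a trailing number or year such as "-2018", "-18" or "2".
function stripNumericSuffix(name) {
  return name.toLowerCase().replace(/[-_.]?\d+$/, '');
}

// Levenshtein distance, keeping only two rows of the table.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Return every known name the candidate could be mistaken for, with the reason.
function checkName(candidate, known = KNOWN_NAMES) {
  const findings = [];
  for (const existing of known) {
    if (candidate === existing) continue; // identical name: simply taken, not confusable
    const c = squash(candidate);
    const e = squash(existing);
    if (c === e) {
      findings.push({ existing, reason: 'separator-variant' });
    } else if (squash(stripNumericSuffix(candidate)) === e) {
      findings.push({ existing, reason: 'numeric-suffix' });
    } else if (editDistance(c, e) === 1) {
      findings.push({ existing, reason: 'one-edit' });
    }
  }
  return findings;
}

console.log(checkName('node-template-2018'));
```

An empty result only means the name passed these three illustrative rules; the registry can still reject it.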