There will be a new way of publishing packages, which will involve approving the publishing using a Safe.
To identify if a package is verified:
Look for the signature inside the package and check if the public key is among the trusted ones (current method)
If there is no signature inside the package, check if any of the developer addresses (or, maybe, owner addresses) is a Safe. In case it is, perform a call to a function that returns whether the package has been authorized by it.
There will be a new way of publishing packages, which will involve approving the publishing using a Safe.
To identify if a package is verified: