pypi / support

Issue tracker for support requests related to using https://pypi.org

Mass name squat by user: Collie #791

Closed hentai-chan closed 2 years ago

hentai-chan commented 3 years ago

I'd like to submit multiple projects from the same user to the PyPI team for violating PEP 541 by accusing Collie of being guilty of name squatting on more than one occasion. I don't wish to take ownership of any of these project names at the moment. My intention is to reclaim these names back for the community.

Project to be claimed

  1. PROJECT_NAME: https://pypi.org/project/solidarity
  2. PROJECT_NAME: https://pypi.org/project/author
  3. PROJECT_NAME: https://pypi.org/project/method
  4. PROJECT_NAME: https://pypi.org/project/maintainer
  5. PROJECT_NAME: https://pypi.org/project/sharper
  6. PROJECT_NAME: https://pypi.org/project/sharpen
  7. PROJECT_NAME: https://pypi.org/project/ue
  8. PROJECT_NAME: https://pypi.org/project/cz
  9. PROJECT_NAME: https://pypi.org/project/ce
  10. PROJECT_NAME: https://pypi.org/project/vs
  11. PROJECT_NAME: https://pypi.org/project/doer
  12. PROJECT_NAME: https://pypi.org/project/lolita
  13. PROJECT_NAME: https://pypi.org/project/strategy
  14. PROJECT_NAME: https://pypi.org/project/nanshan
  15. PROJECT_NAME: https://pypi.org/project/peking
  16. PROJECT_NAME: https://pypi.org/project/shanghai
  17. PROJECT_NAME: https://pypi.org/project/shenzhen
  18. PROJECT_NAME: https://pypi.org/project/sz
  19. PROJECT_NAME: https://pypi.org/project/luminary
  20. PROJECT_NAME: https://pypi.org/project/victory
  21. PROJECT_NAME: https://pypi.org/project/approach
  22. PROJECT_NAME: https://pypi.org/project/apps
  23. PROJECT_NAME: https://pypi.org/project/appx
  24. PROJECT_NAME: https://pypi.org/project/prosperity
  25. PROJECT_NAME: https://pypi.org/project/prosper
  26. PROJECT_NAME: https://pypi.org/project/thrive
  27. PROJECT_NAME: https://pypi.org/project/rios
  28. PROJECT_NAME: https://pypi.org/project/prominent
  29. PROJECT_NAME: https://pypi.org/project/eminent
  30. PROJECT_NAME: https://pypi.org/project/fskit
  31. PROJECT_NAME: https://pypi.org/project/ultra
  32. PROJECT_NAME: https://pypi.org/project/fsk
  33. PROJECT_NAME: https://pypi.org/project/extra
  34. PROJECT_NAME: https://pypi.org/project/keysys
  35. PROJECT_NAME: https://pypi.org/project/mainstream
  36. PROJECT_NAME: https://pypi.org/project/filter
  37. PROJECT_NAME: https://pypi.org/project/tough
  38. PROJECT_NAME: https://pypi.org/project/tech
  39. PROJECT_NAME: https://pypi.org/project/gradle
  40. PROJECT_NAME: https://pypi.org/project/center
  41. PROJECT_NAME: https://pypi.org/project/flyweight
  42. PROJECT_NAME: https://pypi.org/project/pku
  43. PROJECT_NAME: https://pypi.org/project/tbsi
  44. PROJECT_NAME: https://pypi.org/project/sigs
  45. PROJECT_NAME: https://pypi.org/project/tsinghua
  46. PROJECT_NAME: https://pypi.org/project/innovator
  47. PROJECT_NAME: https://pypi.org/project/innovation
  48. PROJECT_NAME: https://pypi.org/project/creation
  49. PROJECT_NAME: https://pypi.org/project/pepsys
  50. PROJECT_NAME: https://pypi.org/project/expert
  51. PROJECT_NAME: https://pypi.org/project/bazel
  52. PROJECT_NAME: https://pypi.org/project/enter
  53. PROJECT_NAME: https://pypi.org/project/soft
  54. PROJECT_NAME: https://pypi.org/project/ide
  55. PROJECT_NAME: https://pypi.org/project/scientific

Your PyPI username

USER_NAME: https://pypi.org/user/hentaichan/

Reasons for the request

I believe this request is reasonable because the projects are all empty and contain no code. They have all been created between April 12, 2020 and September 26, 2020, which further reinforces my suspicion that Collie is not acting in good faith.

Maintenance or replacement?

Since there is no code to maintain (and I don't have the time or resources to create as many projects all on my own), I suggest making these names available again to anyone that wants to distribute code via PyPI under any of these project names.

Contact and additional research

The author of these projects did not provide a way that would make it possible to reach out to him/her (see also: empty author tag in all these projects). None of these projects are hosted publicly (e.g. on GitHub or GitLab), which further increases the difficulty of contacting Collie.

kinow commented 3 years ago

This looks a lot like when people buy domains for parking, expecting to sell later. But I'm not sure what this user's intentions are with so many empty repositories.

The folks working with security could possibly run a weekly query, looking for users that created more than two or three empty repositories in the last week, and flag them for inspection, I think.
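A sketch of the weekly check suggested in the comment above, as an added example that is not part of the thread and not PyPI's own tooling. The record layout, the names `flag_uploaders` and `is_empty_sdist`, the "no non-comment line outside setup.py" definition of empty, and the sample uploads are all assumptions constructed for illustration.

```python
import io
import tarfile
from collections import defaultdict
from datetime import datetime, timedelta

def make_sdist(files):
    """Build an in-memory .tar.gz from {path: text}; used only for the constructed samples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, text in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(text.encode())
            tar.addfile(info, io.BytesIO(text.encode()))
    return buf.getvalue()

def is_empty_sdist(blob):
    """Assumed heuristic: empty if no .py file other than setup.py has a non-comment line."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in tar.getmembers():
            name = member.name.rsplit("/", 1)[-1]
            if not member.isfile() or not name.endswith(".py") or name == "setup.py":
                continue
            source = tar.extractfile(member).read().decode("utf-8", "replace")
            if any(s.strip() and not s.strip().startswith("#") for s in source.splitlines()):
                return False
    return True

def flag_uploaders(uploads, now, window_days=7, min_empty=3):
    """Return {user: [projects]} for users with >= min_empty empty projects in the window."""
    cutoff = now - timedelta(days=window_days)
    empties = defaultdict(set)
    for user, project, created, blob in uploads:
        if created >= cutoff and is_empty_sdist(blob):
            empties[user].add(project)
    return {u: sorted(p) for u, p in empties.items() if len(p) >= min_empty}

NOW = datetime(2021, 1, 8)
SETUP = "from setuptools import setup\nsetup()\n"
EMPTY = make_sdist({"pkg-0.0.1/setup.py": SETUP, "pkg-0.0.1/pkg/__init__.py": "# todo\n"})
REAL = make_sdist({"lib-1.0/setup.py": SETUP, "lib-1.0/lib/__init__.py": "def add(a, b):\n    return a + b\n"})
UPLOADS = [  # constructed records: (user, project, created, sdist bytes)
    ("user_a", "alpha", NOW - timedelta(days=1), EMPTY),
    ("user_a", "beta", NOW - timedelta(days=3), EMPTY),
    ("user_a", "gamma", NOW - timedelta(days=6), EMPTY),
    ("user_a", "delta", NOW - timedelta(days=40), EMPTY),
    ("user_b", "one", NOW - timedelta(days=2), EMPTY),
    ("user_b", "two", NOW - timedelta(days=2), EMPTY),
    ("user_c", "lib", NOW - timedelta(days=1), REAL),
]

if __name__ == "__main__":
    print(flag_uploaders(UPLOADS, NOW))
```

The output is a review queue, not a verdict: a flagged account still needs a human look before any PEP 541 action.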

jpic commented 3 years ago

Confirming the issue, would like the apps namespace myself.

hentai-chan commented 3 years ago

In addition to my previous submission, I'd like to point out that Collie is still uploading empty packages as we speak. For the sake of completeness, please consider also removing the following packages from PyPI. It may also be necessary to terminate their account and ban their IP to prevent them from registering a new account:

  1. PROJECT_NAME: organization
  2. PROJECT_NAME: repository
  3. PROJECT_NAME: technology
  4. PROJECT_NAME: endeavor
  5. PROJECT_NAME: zeal
  6. PROJECT_NAME: development
  7. PROJECT_NAME: vkit
  8. PROJECT_NAME: softx
  9. PROJECT_NAME: advanced
  10. PROJECT_NAME: managed
  11. PROJECT_NAME: profession
  12. PROJECT_NAME: professional
  13. PROJECT_NAME: kano
  14. PROJECT_NAME: leader
  15. PROJECT_NAME: darling
  16. PROJECT_NAME: innovative
  17. PROJECT_NAME: expedition
  18. PROJECT_NAME: KeyLab
  19. PROJECT_NAME: is
  20. PROJECT_NAME: for
  21. PROJECT_NAME: 2021
  22. PROJECT_NAME: glory
  23. PROJECT_NAME: kun
  24. PROJECT_NAME: talent
  25. PROJECT_NAME: QiKun
  26. PROJECT_NAME: chn
  27. PROJECT_NAME: creative
  28. PROJECT_NAME: 16
  29. PROJECT_NAME: 256
  30. PROJECT_NAME: mature
  31. PROJECT_NAME: production
  32. PROJECT_NAME: collie
  33. PROJECT_NAME: Cyrus
  34. PROJECT_NAME: VersionX
  35. PROJECT_NAME: VersionLib
  36. PROJECT_NAME: VersionControl
  37. PROJECT_NAME: EVersion
  38. PROJECT_NAME: SemverX
  39. PROJECT_NAME: ESemVer
  40. PROJECT_NAME: PVer
  41. PROJECT_NAME: PSemVer
  42. PROJECT_NAME: TheVersion
  43. PROJECT_NAME: KVersion
  44. PROJECT_NAME: OVersion
  45. PROJECT_NAME: QVersion
  46. PROJECT_NAME: HVersion
  47. PROJECT_NAME: VersionTool
  48. PROJECT_NAME: ever
  49. PROJECT_NAME: evolutionary
  50. PROJECT_NAME: UVer
  51. PROJECT_NAME: UniformVersion
  52. PROJECT_NAME: NVersion
  53. PROJECT_NAME: XVersion
  54. PROJECT_NAME: VersionLab
  55. PROJECT_NAME: aggregation
  56. PROJECT_NAME: scientists
  57. PROJECT_NAME: geeks

nathancooperjones commented 3 years ago

I am hoping to open-source a library called collie to PyPI very soon, but the name is taken by this user. Just like all other 118 projects uploaded by this user, it is an empty library.

I am hoping we can remove this package and user soon.

https://pypi.org/project/collie/

yeraydiazdiaz commented 3 years ago

@nathancooperjones please open a separate PEP 541 request if you're interested in the name.

nathancooperjones commented 3 years ago

> @nathancooperjones please open a separate PEP 541 request if you're interested in the name.

I've gone ahead and made that issue here - thank you!!

needs-coffee commented 3 years ago

This user is still uploading dozens of empty projects.

di commented 2 years ago

Invalid namesquatting packages have been removed.