jimhester
commented
5 years ago I don't think it is really feasible to do generally in remotes, but you can avoid it by using install_dev() rather than install_github() assuming you have the CRAN package installed.
Also GitHub has some protections in place to prevent blatant impersonations of orgs at least, as Colin Gillespie mentions in his UseR talk about this issue and other similar concerns https://www.youtube.com/watch?v=5odJxZj9LE4
I have no sense for whether this is feasible/worth doing but I'm not the only person it's occurred to--could remotes support typo-squatting detection?