[dumbmatter]

Our first action, which began immediately after the incident concluded, was to implement a 24-hour cooldown on republication of any deleted package name.

Why not infinity hours? I don't get it.

[Vinnl]

If it's a spam package that gets deleted, that would mean you'd quickly run out of available names.

[h1d]

Why can't they just reuse when it is apparent the case is harmful (as in, people complain and check number of downloads and dependent packages) by blocking the name and disallow reuse for any other cases?

[Vinnl]

Hmm, I'm not sure if I can follow your question, but I'm guessing that they're already planning to do what you want?