by richbell 974 days ago
They reduce the risk of supply chain attacks like typosquatting or dependency confusion.

Funnily enough, they in fact increase it.
Namespaces can't be typosquatted?
I don't believe I said that.

The point is that it's much easier to make a mistake typing "requests" than "org.kennethreitz:requests" (as a pure hypothetical.)

It also means that more than one project can have a module called "utils" or "common", which once again reduces the risk of people accidentally downloading the wrong thing.

> The point is that it's much easier to make a mistake typing "requests" than "org.kennethreitz:requests" (as a pure hypothetical.)

Sorry, what? It's strictly the opposite: more characters to type equals more risk of making a mistake.

In fact, in the general case, namespaces increase the risk of supply chain attacks, because they make package names even less discernible.
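Both sides of the thread are talking about the same two failure modes: an unqualified name that can be satisfied by the wrong registry (dependency confusion), and a near-miss of a known coordinate (typosquatting). The check below is an added example, not code from any commenter or from any real package manager; it assumes a hypothetical `namespace:name` coordinate form modelled on the "org.kennethreitz:requests" string in the thread, and a constructed allowlist of trusted coordinates. It flags bare names, malformed coordinates, and coordinates within one edit of a trusted one in both the namespace and the name part, which is the case a reviewer would want surfaced before a build pulls it.

```python
import re

# Constructed allowlist of trusted coordinates (hypothetical "namespace:name" form,
# modelled on the "org.kennethreitz:requests" example in the thread).
TRUSTED = {
    "org.kennethreitz:requests",
    "org.example:utils",
    "com.example:common",
}

# Hypothetical coordinate grammar: lowercase dotted namespace, colon, lowercase name.
COORD_RE = re.compile(r"^([a-z][a-z0-9.]*):([a-z][a-z0-9_-]*)$")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1,        # deletion
                           cur[j - 1] + 1,     # insertion
                           prev[j - 1] + cost))  # substitution
        prev = cur
    return prev[-1]


def check_dependency(coord: str) -> str:
    """Classify one declared dependency coordinate.

    Returns one of:
      "ok"                    exact match of a trusted coordinate
      "unqualified"           bare name with no namespace (dependency-confusion risk)
      "malformed"             does not fit the coordinate grammar
      "suspicious: near-miss of <trusted>"  within one edit of a trusted coordinate
      "unknown"               well-formed but not on the allowlist
    """
    coord = coord.strip()  # tolerate stray whitespace such as the leading space in the quote
    if coord in TRUSTED:
        return "ok"
    if ":" not in coord:
        return "unqualified"
    match = COORD_RE.match(coord)
    if not match:
        return "malformed"
    ns, name = match.groups()
    for trusted in sorted(TRUSTED):
        t_ns, t_name = trusted.split(":", 1)
        # A single-character slip in either the namespace or the name is the
        # typosquatting case both commenters are arguing about.
        if edit_distance(ns, t_ns) <= 1 and edit_distance(name, t_name) <= 1:
            return f"suspicious: near-miss of {trusted}"
    return "unknown"


def audit(coords):
    """Run the check over a list of declared coordinates and return {coord: verdict}."""
    return {c: check_dependency(c) for c in coords}


if __name__ == "__main__":
    # Constructed sample manifest: one good entry, one bare name, two one-character slips.
    sample = [
        "org.kennethreitz:requests",
        "requests",
        "org.kennethreitz:requets",
        "org.kenethreitz:requests",
        "io.other:utils",
    ]
    for coord, verdict in audit(sample).items():
        print(f"{coord:32s} {verdict}")
```

Running the block over the constructed manifest prints one line per coordinate; the two one-character slips come back as `suspicious`, the bare `requests` as `unqualified`, and the unrelated `io.other:utils` as `unknown` rather than suspicious, since its namespace is more than one edit from any trusted namespace.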