Representing a big corporation here. We are using a private npm registry (Nexus) for all our internal packages. Our repository actually allows overwriting a package in the registry when the package name and the version are already in use. This could be convenient for submitting hotfixes right after a new version was published (or during code integration).
Right now, we’ve disabled the “allow overwrite” flag in the registry, because we don’t want to accidentally overwrite some package’s code (that could be already in production).
However, if npm’s CLI detected package overwriting and asked for confirmation, this would really help with the publishing process.
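
A sketch of the check requested above, as an added example that is not part of the original post and not npm CLI behaviour: a publish script can compare the tarball from `npm pack` with the registry's metadata document for the package and require confirmation only when an existing version would get different content. The helper names and sample data are hypothetical; the sketch assumes the registry returns npm-style metadata with `versions[<version>].dist.integrity` or `dist.shasum`.

```javascript
// Added example (hypothetical helpers, not part of npm's CLI).
const crypto = require("node:crypto");

function digest(algorithm, encoding, bytes) {
  return crypto.createHash(algorithm).update(bytes).digest(encoding);
}

// Compare the tarball about to be published with what the registry already
// holds for this version. Returns "new", "identical" or "overwrite".
// Assumption: dist.integrity, when present, is a single "sha512-<base64>" value.
function classifyPublish(packument, version, tarballBytes) {
  const versions = (packument && packument.versions) || {};
  const published = Object.prototype.hasOwnProperty.call(versions, version)
    ? versions[version] : null;
  if (!published) return "new";
  const dist = published.dist || {};
  if (typeof dist.integrity === "string" && dist.integrity.startsWith("sha512-")) {
    const local = "sha512-" + digest("sha512", "base64", tarballBytes);
    return dist.integrity === local ? "identical" : "overwrite";
  }
  if (typeof dist.shasum === "string") {
    return dist.shasum === digest("sha1", "hex", tarballBytes) ? "identical" : "overwrite";
  }
  return "overwrite"; // nothing to compare against: fail closed
}

// Gate for a publish script: an overwrite proceeds only after explicit confirmation.
function decidePublish(packument, version, tarballBytes, confirmed) {
  const verdict = classifyPublish(packument, version, tarballBytes);
  if (verdict === "new") return "publish";
  if (verdict === "identical") return "skip";
  return confirmed === true ? "publish" : "needs-confirmation";
}

// Constructed sample data: stand-in tarball bytes and a minimal metadata document.
const PUBLISHED_BYTES = Buffer.from("constructed tarball for 1.4.0");
const SAMPLE_PACKUMENT = {
  name: "@example/internal-lib",
  versions: {
    "1.4.0": { dist: { integrity: "sha512-" + digest("sha512", "base64", PUBLISHED_BYTES) } },
    "1.3.0": { dist: { shasum: digest("sha1", "hex", Buffer.from("constructed tarball for 1.3.0")) } },
  },
};

console.log(decidePublish(SAMPLE_PACKUMENT, "1.4.0", Buffer.from("hotfix build"), false));
```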