module name spam filter false positive

registry

(Dominic Tarr) #1

What I Wanted to Do

publish a module “is-canonical-base64” with readable punctuation

What Happened Instead

I got an error message about a spam filter,

npm http request PUT https://registry.npmjs.org/is-canonical-base64
npm http 403 https://registry.npmjs.org/is-canonical-base64
npm ERR! publish Failed PUT 403
npm ERR! code E403
npm ERR! Package name triggered spam detection; if you believe this is in error, please contact support@npmjs.com : is-canonical-base64

Reproduction Steps

After publish failing, I checked for related module names, such as variants of is-canonical-base64. I couldn’t find any, then I tried publishing a different name. Okay, I got curious to see what worked and what didn’t. I successfully published iscanonicalbase64, and canonical-base64, and reversable-base64. It’s hard to say what works or not, but maybe is-X-base64

these worked:

  • canonical-base64
  • reversable-base64
  • iscanonicalbase64
  • is-something-something (too many hyphens? no, was allowed)
  • is-this-base64

these didn’t work:

  • is-cannonical-base64 (spelling mistake I had originally)
  • is-reversable-base64
  • is-something-base64

npm search doesn’t return any results for “canonical base64” except https://www.npmjs.com/package/canonical-base64 (which I published after is-canonical-base64 publish failed)

Details

I later discovered https://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry after searching on this forum (which web search results for “npm spam” didn’t return earlier) based on what that blog says, I don’t understand why the original is-canonical-base64 publish didn’t work, if iscanonicalbase64 was allowed later?

Platform Info

$ npm --versions

{ npm: '5.6.0',
  ares: '1.10.1-DEV',
  cldr: '32.0',
  http_parser: '2.8.0',
  icu: '60.1',
  modules: '57',
  napi: '3',
  nghttp2: '1.32.0',
  node: '8.11.4',
  openssl: '1.0.2p',
  tz: '2017c',
  unicode: '10.0',
  uv: '1.19.1',
  v8: '6.2.414.54',
  zlib: '1.2.11' }

$ node -p process.platform

linux