Mass name squat by user: owlvin #10025
Description
PyPI user performing the mass project name squatting
Additional information
This user bulk-registered 63 packages within a ~24-hour window on March 17–18, 2026.
Brand-name squatting (~43 packages): Package names appropriating well-known luxury, automotive, and consumer brand names — gucci, prada, ferrari, lamborghini, bentley, rollsroyce, louisvuitton, cartier, balenciaga, nike, cocacola, iphone, doordash, lyft, etc. These are described as "thin wrappers re-exporting existing MCP servers" and have no relation to the brands whose names they occupy.
Generic verb/noun squatting (~13 packages): Common action-word names like scanning, resolving, fetchpage, readpage, readsite, uptimecheck, convertdoc, etc.
Evidence of no meaningful functionality:
- All packages are version `0.0.1`
- Distribution sizes are ~1 KB (e.g., `gucci-0.0.1-py3-none-any.whl` is 1.1 KB)
- No source distributions available
- No project descriptions provided ("The author of this package has not provided a project description")
- No source repositories linked
- The "luxury brand" packages claim to be utility/MCP tool packages but contain only trivial re-exports
This appears to be systematic namespace hoarding under PEP 541 ("project is name squatting — package has no functionality or is empty"). The brand-name packages may also raise concerns under the IP/trademark provisions.
Code of Conduct
- I agree to follow the PSF Code of Conduct
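An added triage example, not part of the ticket or of PyPI's tooling: it scores package records against the evidence signals listed in the report and finds the largest group of flagged packages first uploaded within a 24-hour window. The record shape follows the `info`/`urls` layout of PyPI's JSON API; the 2048-byte cut-off, the four-signal threshold, the `_rec` helper and every sample record are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

SIZE_LIMIT = 2048  # bytes; assumed cut-off for the "~1 KB" distributions

def squat_signals(meta):
    """Return which of the ticket's evidence signals a package record matches."""
    info, files = meta["info"], meta["urls"]
    signals = []
    if info.get("version") == "0.0.1":
        signals.append("version-0.0.1")
    if files and all(f["size"] <= SIZE_LIMIT for f in files):
        signals.append("tiny-dist")
    if not any(f["packagetype"] == "sdist" for f in files):
        signals.append("no-sdist")
    if not (info.get("description") or "").strip():
        signals.append("no-description")
    if not info.get("project_urls"):
        signals.append("no-project-urls")
    return signals

def bulk_window(records, window=timedelta(hours=24), min_signals=4):
    """Names in the largest run of flagged packages first uploaded within `window`."""
    hits = sorted(
        (min(datetime.fromisoformat(f["upload_time"]) for f in m["urls"]), m["info"]["name"])
        for m in records
        if m["urls"] and len(squat_signals(m)) >= min_signals
    )
    best = []
    for i, (start, _) in enumerate(hits):
        group = [name for t, name in hits[i:] if t - start <= window]
        if len(group) > len(best):
            best = group
    return best

def _rec(name, when, version="0.0.1", size=1100, sdist=False, desc="", urls=None):
    files = [{"packagetype": "bdist_wheel", "size": size, "upload_time": when}]
    if sdist:
        files.append({"packagetype": "sdist", "size": size, "upload_time": when})
    info = {"name": name, "version": version, "description": desc, "project_urls": urls}
    return {"info": info, "urls": files}

SAMPLE = [  # constructed records for one hypothetical account, not real PyPI data
    _rec("pkg-a", "2026-03-17T09:00:00"),
    _rec("pkg-b", "2026-03-17T21:30:00"),
    _rec("pkg-c", "2026-03-18T08:00:00"),
    _rec("pkg-d", "2026-03-25T08:00:00"),  # flagged, but outside the 24 h window
    _rec("real-lib", "2026-03-17T10:00:00", "2.3.1", 48000, True,
         "Usage docs", {"Source": "https://example.invalid/real-lib"}),
]
```

Calling `bulk_window(SAMPLE)` returns the three packages uploaded within 23 hours of each other. No single signal is conclusive, since many legitimate first releases are small `0.0.1` wheels, which is why the example requires several signals together with the upload burst.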