{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigz2allgdagsycpnadsaqaayxff57e2vrlvrjpr4za25hmhevfs4q",
    "uri": "at://did:plc:ivbknywyskln22er3nkssdhl/app.bsky.feed.post/3mkgzjcuzp6s2"
  },
  "path": "/t/pre-rfc-dns-domains-as-package-namespaces/24202#post_14",
  "publishedAt": "2026-04-27T01:01:18.000Z",
  "site": "https://internals.rust-lang.org",
  "textContent": "> NPM already had a wave of supply chain attacks via custom domains with lapsed registration. An attacker would register the domain immediately after it expires, then use the account recovery via email to take control of the account.\n\nNPM doesn't support domains as package namespaces, account takeover affects packages regardless of whether they're namespaced or not, and package namespaces are unrelated to security measures put in place to prevent account takeover.",
  "title": "[Pre-RFC] DNS domains as package namespaces"
}