It does at least partially solve the problem of "typosquatting" where installing `anglar` could potentially be a malicious version. It makes it more obvious when it's happening (oh, you setup the `anglar` and created a ton of typo'd packages with a few lines changed each? That's probably safe to ban...)

It also allows those orgs to group "sibling" or sub-packages under their main name. So I know that `@angular/cool-angular-plugin` is actually from angular.

I get the benefits of namespacing. I'm just not sure making it mandatory solves any issues. For example, what's stopping someone from publishing `@developit/greenlet` or `@greenlet/greenlet` without owning the respective org/username in github?

Nothing is stopping that.

But for the downside of "having to type a little bit more", I think it's more than useful enough at what it does fix/solve.

In other words, it solves between 0 and "a bunch" of problems for packages, and the downside is fixed at "needs to type a little more".

Even in the worst case, it's not that much harm, but in the best case could prevent exploits.

Each of those organizations has a number of other projects alongside the main ones. This seems like a good outcome since it allows them to easily refactor things into separate repos or manage support tools rather than having inertial pressure making it easier to lump things into a single main project.

Is that such a bad thing? Slightly redundant, but that seems more aesthetic than anything.