Comment by estebank
3 hours ago
1) Trawl registry for packages owned by domains.
2) Note expired domains and register them yourself.
3) Supply chain compromise.
That, and not wanting people to fork out money for a domain as a requirement to participate in the ecosystem.
$10/year is too high a price when I spend that much on my morning Starbucks order…
In my personal opinion, if a rogue actor can compromise your project by buying you the equivalent of a beer and a pizza, I don't think anyone should trust you as a dependency to any extent.