Please allow publishing unscoped npm package zerct

[kriptoburak]

🏷️ Discussion Type

Question

Body

I am requesting review/approval to publish the unscoped npm package name zerct.

I tried to publish zerct@0.1.0, but npm rejected it with:

403 Forbidden - PUT https://registry.npmjs.org/zerct - Package name too similar
to existing package react; try renaming your package to '@burakbayir/zerct' and
publishing with 'npm publish --access=public' instead

This appears to be a false positive. Zerct is our brand for a Rust backend hosting platform and is not related to React.

Project details:

Product: Zerct
Website: https://zerct.com
App domain: https://zerct.app
GitHub organization: https://github.com/Zerct
Public package repository: https://github.com/Zerct/zerct
npm org/scope: @Zerct
X profile: https://x.com/zerctcloud
Requested unscoped package: zerct
Already published fallback: @zerct/zerct
npm owner: burakbayir

The package is a CLI for deploying Rust backends to Zerct. The intended command is:

npx zerct deploy

The package metadata and source are public, the package does not depend on React, and the name is not meant to confuse users about React.

Could npm review and allow the unscoped package name zerct for this brand?

[hzijad]

The npm registry uses an automated typosquatting protection algorithm that calculates the "Levenshtein distance" (character similarity) between new packages and highly popular ones.

Because zerct is only two letters off from react (and shares the exact same string length and vowel placement), the automated gatekeeper immediately flags it as a high-risk typosquatting target to protect users from malicious lookalikes. It's an annoying false positive, but it's purely algorithmic.

Since this is a public community forum and nobody here has the admin rights to manually override the registry's naming filters, you’ll need to open an official dispute ticket with the npm support staff to get the name whitelisted.

Here is the quickest way to get a human to review it:
-Head over to the official npm Support Portal.
-Select "Open a Support Ticket".
-Set the issue type to "Package Name Dispute / Typosquatting False Positive" (or general registry support).
-Paste the exact details you provided here. Explicitly highlight:
-Your Brand Identity: Point to zerct.com, zerct.app, and your official GitHub Org (github.com/Zerct).
-The Use Case: Explain it's a dedicated CLI for a Rust backend hosting platform, intended to be used as npx zerct deploy, and contains zero React dependencies.
-Good Faith Fallback: Mention that you've already published @zerct/zerct to prove ownership and lack of malicious intent.

Good luck and hope this helps!

[kailashv2]

This is likely an automated anti-typosquatting check rather than a judgment that your package is related to React.

Names can be flagged based on similarity to highly downloaded packages, and zerct may be close enough to react for the registry to treat it as potentially confusing even if the projects are unrelated.

Since you've already:

• Established a public brand (zerct.com, GitHub org, etc.)
• Published a scoped fallback package (@zerct/zerct)
• Shown a legitimate use case (npx zerct deploy)

you've already done most of the right things.

For now, continuing with @zerct/zerct keeps users unblocked while waiting for clarification from npm staff/community maintainers on whether there is a process for reviewing false positives. It would also help if anyone here has successfully resolved a similar package-name flag to share their experience.