Jon

We have some work to do on our backend. I can't promise any timelines, but I'll ping back when we're ready to start accepting alternate registry info 👍

Hey all 👋 Just want to chime in on this in hopes of reviving the conversation and to share some of github's thinking. npm does indeed make a point of...

Totally fair. Certainly for one off malware I would not suggest burning the namespace, but maybe the specific version. Anyway, advisories on malware is very much a 👍 from me...

I suspect package to repo authentication is out of scope for this topic. I'd love to see it even if opt-in only, but for the moment it's not in place...

> Non-scoped packages from other locations are generally inadvisable Agreed. > is there a reason they're not scoped In the example provided it seems to be that the project simply...

> [@darakian](https://github.com/darakian) thoughts on this? On swift generally or with respect to the current inconsistency? For the latter, we've normalized our data to omit the transport (`http://` or `https://` are...

I remember basically nothing of my old PR, so not sure I can add any extra context. I'm not opposed to reverting the old PR, but you might want to...

Sure. If you're willing to drop py2 support you can wrap the function in an lru_cache as a replacement for my code. https://docs.python.org/3/library/functools.html#functools.lru_cache

Not sure you'll get much movement on this. See: https://github.com/dstufft/django-passwords/issues/59 Might be more worthwhile to fork the repo and create a derivative pypi package.

What about simply loading the dict into memory as a list if the file is under some arbitrary size ex. 1MB? The way I see this function is that is...