You should probably claim/publish `pintora` as a npm package to prevent npm install malicious attack vector

[titanism]

Even if the package is empty, it could contain README with notes as to how to use pintora via @pintora scoped packages.

[hikerpig]

Ah I haven't considered that totally, thank you for the hint.