Obviously way too easy to take over these 'orphaned' packages if it can be done in an automated manner. GitHub/NPM/etc doesn't have this issue, they need to stop equivicating. Sounds more like an anonymous FTP site.

This.

Who needs social engineering NPM maintainers when there are thousands of freebie AUR ones.