That solves impersonation, but that is not a related problem here.
These repos were not taken over but cloned and made to look like another repo via similar naming.
I think what you're looking for is more "all accounts must be verified via payment/identity"; then you really know who is making "random clones" and "lookalikes" w/ malware.
But you've got a whole host of other problems in the process.