403 "Package name too similar to existing package redis" when publishing redisvl

[booleanhunter]

🏷️ Discussion Type

Question

Body

Hello NPM / Github Support Team,

I'm requesting a manual review of an automated name-similarity block preventing us from publishing the package name redisvl.

My npm username is booleanhunter. I'm publishing on behalf of Redis Inc. (the maintainers of the existing redis package on npm). I'm hitting the typosquat similarity check when trying to register a new package name redisvl.

This is not a typosquatting attempt. redisvl is the established name for the Redis Vector Library across languages, maintained by Redis Inc. We maintain it under the same name on every package registry so that users working across our SDK ecosystem (Python, Java, and now TypeScript) have a single, consistent name to learn, search for, and install.

Summary of the issue

• Attempted package name: redisvl
• Blocked with: "Package name too similar to existing package redis"
• Current workaround: @redis-developer/redisvl (or @redis/redisvl)
• Desired outcome: approval to publish un-scoped package redisvl

The exact error from npm publish:

403 Forbidden - PUT https://registry.npmjs.org/redisvl
Package name too similar to existing package redis;

Impact

• Forces use of a scoped package instead of the canonical name
• Adds friction for developer adoption (longer install string, harder to search for)
• Creates inconsistency with our PyPI and Maven packages, which are both canonically named redisvl
• Documentation, blog posts, conference talks, and branding all reference the library as redisvl regardless of language. A scoped npm name breaks that parity

Request

• Please review and override the similarity block for redisvl, or
• Clarify what criteria would allow approval
• Additionally, if we need to raise a support request at https://www.npmjs.com/support, could you clarify which dropdown to select? (The dropdown "I want to claim a username, organization name, or package name" points to a submission form for an issue unrelated to ours).

Given the choice between redisvl and a scoped name like @redis/redisvl, we'd really prefer just redisvl so it's easier and familiar for users to find and install. The shorter, un-scoped name matches what they already know from our other language SDKs and from documentation.

Could you please consider overriding the similarity block and granting my account publish rights? I'm happy to provide any additional verification you need.

Proof of ownership

• RedisVL for TypeScript - repository owned by Redis Developer Organization, and part of Redis, Inc
• I'm a member of Redis Developer Organization
• Support request sent via official work email to support@npmjs.com

[theammarngp-makes]

The 403 Forbidden error occurs because PyPI  (and other registries like npm) has strict anti-typosquatting policies that prevent publishing new packages with names too similar to existing, popular ones. Since a redis package already exists, the name redisvl is being flagged as potentially confusing or malicious,Since a redis package already exists, the name redisvl is being flagged as potentially confusing or malicious.
Why this is happening
Normalization Rules: PyPI normalizes names by converting them to lowercase and removing punctuation (hyphens, underscores, dots). If your proposed name matches an existing one after these steps, it is blocked.
Similarity Heuristics: Beyond exact matches, Warehouse (the software powering PyPI) uses "ultranormalize" functions to replace similar characters (e.g., replacing 'L' or 'I' with '1') to prevent typosquatting .