Seems like identical approach to the npm phishing attempts. There was some good suggestions last time like locking down the ability to upload packages for a few days after a security change.