Is it possible to protect or reserve a package name on PyPI?

The company I work for provides a Python package that is not hosted on PyPI at the moment due to some licensing uncertainties. It can be installed from our own servers using pip, but if a user forgets to use `--extra-index-url` when installing, it would first search PyPI, which would open an attack vector if someone creates a malicious project with the same name.

Until we know if we’re able to host it on PyPI, is there any way to reserve a package name to prevent this from happening?

If we were to submit a placeholder project, according to the “Invalid projects” section of PEP 541, it seems this would be considered name squatting. Is that correct?
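For auditing install instructions or CI scripts against the scenario in the question, here is an added example (not part of the original thread) that flags `pip install` command lines where an internal package name could be resolved from the public index. The package name `acme-licensed-sdk` and the index URL are hypothetical placeholders.

```python
import re
import shlex

# Hypothetical values for illustration; substitute your own.
INTERNAL_NAMES = {"acme-licensed-sdk"}
INTERNAL_INDEX = "https://pkgs.example.internal/simple"
INDEX_OPTS = {"-i": "index", "--index-url": "index", "--extra-index-url": "extra"}


def normalize(name):
    # PEP 503: runs of "-", "_" and "." are equivalent and case is ignored,
    # so "Acme.Licensed_SDK" on a public index collides with "acme-licensed-sdk".
    return re.sub(r"[-_.]+", "-", name).lower()


def audit(cmdline):
    """Return [(package, finding)] for internal names in one pip install line."""
    args = shlex.split(cmdline)
    if "install" not in args:
        return []
    args = args[args.index("install") + 1:]
    indexes = {"index": [], "extra": []}
    names = []
    i = 0
    while i < len(args):
        opt, _, val = args[i].partition("=")
        if opt in INDEX_OPTS:
            if not val and i + 1 < len(args):  # "--index-url URL" form
                i += 1
                val = args[i]
            indexes[INDEX_OPTS[opt]].append(val.rstrip("/"))
        elif not args[i].startswith("-"):
            # Strip version specifiers, extras and markers from the requirement.
            names.append(normalize(re.split(r"[<>=!~\[;@ ]", args[i], maxsplit=1)[0]))
        i += 1
    # None stands for pip's default index (PyPI) when --index-url is absent.
    primary = indexes["index"][-1] if indexes["index"] else None
    sources = {primary} | set(indexes["extra"])
    internal = INTERNAL_INDEX.rstrip("/")
    if sources == {internal}:
        return []  # only the internal index is consulted
    # With --extra-index-url pip considers candidates from every index,
    # so the public index is still in play ("mixed-indexes").
    finding = "mixed-indexes" if internal in sources else "no-internal-index"
    return [(n, finding) for n in names if n in INTERNAL_NAMES]
```

Run `audit()` over each install line found in READMEs, Dockerfiles and CI configuration; an empty list means the internal name is only looked up on the internal index.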

Hi Brian, we can have PyPI block registration of the package name in question. Email admin@pypi.org with details.