The Namespace Locusts

The Name Tells You Everything
Puma. Unicorn. Sinatra. Capybara. Nokogiri. Loco.
These names are absurd. They’re also the packages that survived a decade. Not because ruby-http-server was taken — it wasn’t. It was available. They chose weird names anyway. Because they had taste. Because they understood that a package name isn’t a search query — it’s an identity.
The namespace locusts don’t get this. They think descriptively. SEO-brained. “PUMA WEBSERVER” is harder to Google than “NEW RUBY SERVER” — which, inevitably, becomes new-ruby-server on the registry. And then new-ruby-server-2. And then new-ruby-server-fast. And then 847 variations of the same nothing, all discoverable, all useless.
The locusts don’t name things. They describe them.
The Numbers
Two million new packages were published across RubyGems, npm, and crates.io between 2023 and April 2026. npm accounts for 92% of that. But calling this “growth” is like calling a termite infestation “home renovation.”
On crates.io, 52.8% of crates published in 2025 were never updated. Not once. Published, abandoned, left to rot: digital litter on a public commons. On npm, a single automated worm, the IndonesianFoods Worm, published 67,000 fake packages. Each infected package carries a dormant script that, once triggered, keeps publishing new packages in an endless loop, on the order of 17,000 a day. A self-replicating locust swarm running on autopilot.
RubyGems grew by about 17,000 gems in three years. That sounds modest until you realize how many of those are my-first-gem-test-please-ignore.
The Descriptors
The naming pattern is the diagnostic.
ruby-webserver. fast-http-client. simple-auth-middleware. easy-database-orm. basic-json-parser. new-web-framework.
These aren’t names. They’re search queries someone typed into ChatGPT. They’re what happens when your entire engineering process is: describe what you want → accept whatever the LLM outputs → publish.
Real packages have identities. Nokogiri is a Japanese saw — because it cuts through HTML. Sidekiq is a sidekick — because it runs jobs alongside your app. Devise devises authentication. Capybara is a capybara — because the original author thought they were neat. Puma is fast. Unicorn is… honestly, I don’t know why it’s called that, but it’s been serving requests since 2009 and I don’t like the pink one on GitHub.
The locusts don’t have identities. They have descriptions. They never typed gem search mcp before typing gem push. If they had, they’d have found 82 results already there. The description is the entire creative process: tell an LLM what you want, accept the first name it generates, ship it.
Locusts Get Wings
Here’s the pipeline:
“Claude, build me a gem for MCP.”
The LLM doesn’t respond with “there are already 47 of these.” It doesn’t check. It doesn’t care. It builds the gem. Names it mcp-ruby-client. Generates the gemspec. Writes the README — a beautiful, grammatically perfect README for a package that does nothing the existing 46 don’t already do. You’re one gem push away from polluting the commons.
The friction that used to prevent this is gone. All of it.
Writing a gemspec by hand? Gone. Understanding how Bundler resolves dependencies? Unnecessary. Setting up CI? The LLM did it. Writing tests? The LLM wrote those too — tests that pass against nothing because the implementation is a thin wrapper around someone else’s work. The shame of publishing garbage? Hard to feel shame when a machine did the work and you just pressed enter.
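The step that pipeline skips is a lookup that takes seconds. What follows is an added example, not code from this post or from any of the gems it names: a pre-publish namespace check that runs offline against a constructed snapshot standing in for gem search output. The gem names in the snapshot are ones the post lists, the download counts are invented, and the list of filler words to strip is my own choice for the example.

```ruby
# Added example: the "gem search" step before "gem push", run offline
# against a constructed registry snapshot. Not code from the post.

# Words that carry no identity. Chosen for this example.
FILLER = %w[ruby rb rails gem client server sdk lib engine
            fast simple easy basic micro tiny lite mini new modern].freeze

# Reduce a gem name to the part that means something:
# "mcp-sdk.rb", "tiny_mcp" and "rails-mcp-server" all become "mcp".
def stem(name)
  tokens = name.downcase.split(/[^a-z0-9]+/).reject(&:empty?)
  tokens = tokens.map { |t| t.sub(/\d+\z/, "") }.reject(&:empty?) # "mcp2" -> "mcp"
  core = tokens - FILLER
  (core.empty? ? tokens : core).join
end

# Constructed snapshot standing in for `gem search` output. The names are
# from the post's list; the download counts are invented for the example.
REGISTRY = {
  "mcp"              => { downloads: 410_000 },
  "mcp-rb"           => { downloads: 12_000 },
  "mcp-sdk.rb"       => { downloads: 3_100 },
  "mcp_lite"         => { downloads: 900 },
  "ruby-mcp-client"  => { downloads: 150_000 },
  "tiny_mcp"         => { downloads: 400 },
  "fast-mcp"         => { downloads: 88_000 },
  "rails-mcp-server" => { downloads: 22_000 },
  "actionmcp"        => { downloads: 54_000 },
  "nokogiri"         => { downloads: 900_000_000 },
  "manceps"          => { downloads: 1_200 }
}.freeze

# Classify a candidate name against the snapshot.
#   :taken    the exact name exists
#   :crowded  five or more gems already reduce to the same idea
#   :collides at least one does
#   :clear    nothing related; the name carries its own identity
def namespace_report(candidate, registry)
  s = stem(candidate)
  related = registry.keys.reject { |n| n == candidate }.select do |n|
    t = stem(n)
    t == s || t.include?(s) || s.include?(t)
  end
  verdict =
    if registry.key?(candidate) then :taken
    elsif related.size >= 5     then :crowded
    elsif related.any?          then :collides
    else                             :clear
    end
  {
    candidate: candidate,
    stem: s,
    verdict: verdict,
    related: related.sort,
    # The most-used existing gem is where a contribution belongs instead.
    contribute_to: related.max_by { |n| registry[n][:downloads] }
  }
end

if __FILE__ == $PROGRAM_NAME
  %w[mcp-ruby-client mcp nokogiri-turbo capybara].each do |name|
    r = namespace_report(name, REGISTRY)
    extra = r[:contribute_to] ? ", contribute to #{r[:contribute_to]}" : ""
    puts "#{name}: #{r[:verdict]} (#{r[:related].size} related#{extra})"
  end
end
```

The point of the stem is that the LLM's mcp-ruby-client and the registry's ruby-mcp-client are the same idea with the words shuffled; a plain exact-match check would wave it through. Against a live registry the snapshot would be replaced by the search output, and the verdict for anything :crowded is the same as the post's: pick a real name, or send a pull request to the gem that already has the downloads.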
The locusts have wings now. And they can fly at 17,000 packages per day.
The Gold Rush: MCP as Case Study
MCP — the Model Context Protocol — dropped in late 2024. By March 2026: 5,800+ servers on npm, 97 million monthly downloads. In sixteen months it matched React’s download numbers. That’s the legitimate ecosystem.
Now run gem search mcp. I’ll save you the trouble — 82 results. Here’s a taste:
mcp. mcp-rb. mcp-sdk. mcp-sdk.rb. mcp_lite. mcp_on_ruby. ruby-mcp-client. ruby_mcp. micro_mcp. tiny_mcp. zeromcp. fast-mcp. mcp-rails. mcp-on-rails. rails-mcp-server. rails_mcp_engine. webmcp-rails. rails-active-mcp. rails-dev-mcp.
Eighty-two gems. For a protocol that has been public for sixteen months. Half of them are the same wrapper with different adjectives: the same 200 lines of code, duplicated across dozens of packages, each with a generated README that says “A simple MCP client for Ruby” with the adjective swapped.
It’s not just MCP. Every time a new protocol drops, the swarm arrives within minutes. Not with implementations — with placeholders. A flag planted on a namespace by someone who heard a new word and raced to gem push before understanding what the word meant.
I know this firsthand. I built actionmcp — the Rails MCP toolkit. Named it following Rails conventions: ActionMailer, ActionCable, ActionText, ActionMCP. 54,000 downloads. Production-focused. Maintained.
Four months later, someone vibecoded a clone. Tried to publish it as actionmcp — my name. The LLM told him to rename it. So he published active_mcp instead. Got 200 upvotes on Reddit. A few weeks later, the repo was nuked. The gem is still on RubyGems — 10,000 downloads, pointing to a dead repository. A ghost package with a generated README, haunting the registry because RubyGems doesn’t clean up after the locusts leave.
That’s the lifecycle: vibe-code it, name it something descriptive, collect the Reddit karma, abandon it, leave the corpse on the registry for someone else to trip over.
The ACP protocol is another case study. The acp gem name? Squatted. acp_ruby? Squatted. acp_client_rb? Squatted. MadBomber — Dewayne VanHoozer, a guy who actually builds infrastructure — wanted to publish a working ACP implementation. Had to name it simple_acp. Not because he lacked creativity — because every obvious name was already claimed by people who contributed nothing. The real builder got pushed to the margins of his own namespace by locusts who arrived first and built nothing.
Speaking of MCP clients — Obie Fernandez recently released a production-grade Ruby MCP client. The gem name? super-fast-ultra-max-pro-mcp-client-v42. Because every shorter name was already taken.
Just kidding. It’s manceps. Latin for “contractor” — one who takes charge. You will never guess that name by describing what the gem does to an LLM. And that’s exactly the point.
Slopsquatting: The Predictive Locusts
It gets worse. There’s a term for this now: slopsquatting.
LLMs hallucinate package names. Say your coding assistant invents a dependency called starlette-reverse-proxy. It sounds real. It follows naming conventions. It doesn’t exist. But an attacker registered it anyway, with malware inside, waiting for an AI to recommend it to someone who doesn’t check. The check is cheap: does the name exist on the registry, since when, and is it one keystroke away from something popular. The habit of skipping it is the vulnerability.
The locusts aren’t just reactive anymore. They’re predictive. They squat names that don’t exist yet, betting that an LLM will eventually hallucinate them into a developer’s requirements.txt or Gemfile.
The food chain inverted. The AI creates the demand. The locust pre-supplies it. The developer installs it because the AI said to, and who questions the AI? The same person who didn’t search the registry before publishing — nobody.
Cross-ecosystem name borrowing makes it worse. An LLM trained on JavaScript docs suggests a Python package using an npm naming convention. It sounds legitimate. It isn’t. But someone squatted it anyway, just in case.
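The defensive habit is the mirror image of the pre-publish search: vet the dependencies an assistant wrote into your Gemfile before you run bundle install. The script below is an added example, not code from this post, and runs offline against a constructed registry snapshot. In practice the same two fields (first publish date, download count) come from the registry itself. The gem names, dates and counts in the snapshot, and the misspellings in the sample Gemfile, are all invented for the example, not observed data.

```ruby
# Added example: vet LLM-written Gemfile dependencies before installing.
# Runs offline against a constructed snapshot; not code from the post.
require "date"

# Constructed snapshot: first publish date and total downloads per gem.
# Dates and counts are invented; "sidekiqs" and "nokogiri-utils" are
# made-up entries standing in for a lookalike and a days-old gem.
KNOWN = {
  "rails"          => { first_push: Date.new(2004, 12, 13), downloads: 600_000_000 },
  "nokogiri"       => { first_push: Date.new(2008, 7, 14),  downloads: 900_000_000 },
  "sidekiq"        => { first_push: Date.new(2012, 1, 23),  downloads: 400_000_000 },
  "devise"         => { first_push: Date.new(2009, 10, 2),  downloads: 300_000_000 },
  "sidekiqs"       => { first_push: Date.new(2026, 2, 1),   downloads: 12 },
  "nokogiri-utils" => { first_push: Date.new(2026, 3, 30),  downloads: 40 }
}.freeze

# Constructed Gemfile, as an assistant might emit it.
GEMFILE = <<~GEMFILE
  source "https://rubygems.org"
  gem "rails", "~> 8.0"
  gem "nokogiri"
  gem "sidekick"           # misspelled
  gem "rails-auth-helper"  # does not exist
  gem "sidekiqs"           # exists, one edit from sidekiq
  gem "nokogiri-utils"     # exists, eleven days old
GEMFILE

POPULAR_FLOOR = 1_000_000 # downloads; gems above this are worth squatting near
MIN_AGE_DAYS  = 90
MIN_DOWNLOADS = 1_000

# Plain edit distance, enough to catch one- or two-character squats.
def levenshtein(a, b)
  prev = (0..b.size).to_a
  a.each_char.with_index(1) do |ca, i|
    cur = [i]
    b.each_char.with_index(1) do |cb, j|
      cur << [prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca == cb ? 0 : 1)].min
    end
    prev = cur
  end
  prev[b.size]
end

# The popular gem closest in spelling to +name+, with its distance.
def nearest_popular(name, registry)
  registry.select { |_, m| m[:downloads] >= POPULAR_FLOOR }
          .keys.map { |n| [n, levenshtein(name, n)] }
          .min_by { |_, d| d }
end

def vet_gem(name, registry, today)
  meta = registry[name]
  near, dist = nearest_popular(name, registry)
  close = dist && dist <= 2 && near != name
  if meta.nil?
    note = if close then "not on the registry; did the assistant mean #{near}?"
           else "not on the registry; likely hallucinated"
           end
    return { status: :missing, note: note }
  end
  age = (today - meta[:first_push]).to_i
  if close && meta[:downloads] < registry[near][:downloads] / 1_000
    { status: :lookalike, note: "#{dist} edit(s) from #{near} with a fraction of its downloads" }
  elsif age < MIN_AGE_DAYS || meta[:downloads] < MIN_DOWNLOADS
    { status: :unproven, note: "first published #{age} days ago, #{meta[:downloads]} downloads" }
  else
    { status: :ok, note: "established since #{meta[:first_push]}" }
  end
end

# Pull gem names out of a Gemfile and vet each one.
def vet_gemfile(text, registry, today: Date.today)
  names = text.scan(/^\s*gem\s+["']([^"']+)["']/).flatten
  names.to_h { |n| [n, vet_gem(n, registry, today)] }
end

if __FILE__ == $PROGRAM_NAME
  vet_gemfile(GEMFILE, KNOWN, today: Date.new(2026, 4, 10)).each do |name, r|
    puts "#{r[:status].to_s.ljust(9)} #{name}: #{r[:note]}"
  end
end
```

Two of the four non-ok results are the slopsquatting shapes from the paragraphs above: a name that does not exist (the hallucination an attacker would pre-register) and a name that does exist but is a single edit from a popular gem with none of its history. The age and download floors are arbitrary thresholds chosen for the example; the point is that a lockfile only freezes what you already chose, so the choosing has to happen first.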
The Registry as Commons
Package registries were designed for a world where publishing required effort. You needed to understand your language’s packaging system. You needed to write metadata by hand. You needed to care enough to go through the process. That barrier wasn’t a bug — it was the immune system.
RubyGems: ~192,000 gems. npm: ~4 million entries. crates.io: 252,000 crates.
On crates.io, a single user created 104 crates purely to squat names and prevent others from using them. Not packages — reservations. Digital land grabs on a public commons.
On npm, the IndonesianFoods packages carry an auto.js script that, when triggered, strips away privacy protections and publishes new packages in an infinite loop. The goal is crypto farming against the TEA protocol, gaming a system designed to reward open source maintainers.
Sixty malicious RubyGems posed as social media automation tools — Instagram bots, Twitter schedulers, TikTok helpers. They worked as advertised. They also exfiltrated 275,000 sets of credentials to an external server. The functionality was the bait. The name was the hook. instagram-auto-poster — descriptive, obvious, exactly what a locust would name it.
The commons isn’t being shared. It’s being strip-mined.
The Landfill
So I built one.
pkg47.com — a real, functional parody registry for people who want the feeling of publishing without forcing every late-night AI experiment onto public infrastructure.
The rules are simple:
- All packages start at version 42.0.0. Because your thing isn’t a 0.1.0. It was never a 0.1.0.
- Inactive for 47 days? Your package enters the public domain. Someone else can claim it. You snooze, you lose the namespace you never deserved.
- Using “AI-powered” in your description? Rate-limited. You know what you did.
- READMEs require a minimum of 2 emoji. If you’re going to waste everyone’s time, at least make it colorful.
- Password resets don’t exist. You wait 47 days. Like grief.
- 47 downloads and you’re marked “trending.” Congratulations.
The whole thing runs on a 2011 Mac Mini in Morocco. FreeBSD. PostgreSQL. S3 in Bahrain with 47-day retention — your masterpiece auto-purges before it can do any lasting damage. Total infrastructure cost: $0.47/month in electricity.
The locusts get their playground. The real registries stay clean.
The Name Tells You Everything
The weird names survive because they represent intention. Puma. Unicorn. Sinatra. Capybara. Loco. Someone sat down, searched the registry, found that every obvious name was taken, and chose something with character. That process — the searching, the finding, the choosing — is the minimum viable discipline of open source.
Someone who names their package “Puma” did the work.
Someone who names it fast-ruby-http-webserver-v2 asked an LLM and hit publish.
The name is the diagnostic. The name is the filter. The name tells you whether the author spent five minutes understanding the ecosystem they’re publishing into, or whether they skipped straight to the dopamine of seeing their thing on a registry.
The namespace locusts will keep swarming. The AI tools will keep lowering the barrier. The registries will keep filling with descriptive nothing. But the signal is still there if you know what to look for.
The weird names are the signal.
Everything else is locusts.