GitHub Package Manager

Squatters sit on a popular name
(Malicious) Code does not match what's on GitHub
The package is maintained by someone else, not the author of the code
GitHub is updated, but the author hasn't published the release to a package manager.