Marketing links to npm scoped packages potentially ambiguous?

I was just adding for enterprise marketing link to @istanbuljs/schema, I noticed that the link is potentially ambiguous. What happens if someone publishes a package named istanbuljs-schema? Do they take over referrals from my package or do referrals for their package come to me?

@coreyfarrell thank you for this great question! We generate unique links for each package and we also double check all links/packages are assigned to the correct lifter(s) every month prior to issuing payment.

So does this mean that I have to check each link given on the Tidelift task page before adding them to my project? What if an istanbuljs-schema package was already lifted, would my link have a unique identifier added to make it different?

No need to check the links provided on the task page before adding them to your project. And yes, if package names are the same or very similar the link would have a variation to ensure it’s linking correctly.

@coreyfarrell this is something I’ve had in the backlog for some time. I’ve linked this thread in our issue tracker for further visibility. Thanks for letting us know!

@coreyfarrell I just noticed that engineering landed a fix for this! We now convert any @ to . instead of -.

I don’t believe we’ve migrated any page that was previously generated, but this should be taken care of going forward.