feature request - typosquatter detection

[frymawe]

Would it be possible to do a download count comparison against names with low hamming distances to the dependency in question to see if any of them have significantly higher download counts? This could raise a flag to investigate further. If another package is found with a name that differs only by _ with far more downloads, for instance, the crate depression issue would have been more obvious.

[dpc]

It is possible, but seems like a lot of hassle for for minimum gain. cargo crev verify --show-all will already show usage counts, and a typosquatted crate will stand out significantly there.