I can relate my experiences here: Opam local switches seem pretty heavy-weight
In fact since then I’ve been using Esy quite a lot and, it really shines at allowing fast iteration and experimentation. E.g., tonight I switched between different branches of a project locally and tried out different different sets of dependencies to try to track down a bug. Esy cached the builds of all these dependencies, with different versions, and let me switch back and forth and run them instantly.
As far as I can tell opam local switches are per-directory (please correct me if I’m wrong here) so switching branches like this would, first of all, require remembering to also use the correct opam switch, and then trigger a re-download and rebuild of all deps each time. Although I suppose I could start up a new clone or git worktree for the experiment branch. Point is there would be added friction here.
About typo-squatting, I really like npm’s approach (now adopted by Clojure officially I believe) of having a ‘scope’ namespace, with user or organization name being the scope. So under this system even if someone is typo-squatting a name you like, it would still be scoped to their username, and you could use the same project name under your username, and users would tell them apart based on the username/org name.