
There are plenty of places/ways to distribute software anonymously. And depending on software from an anonymous identity, with no trust that the registry verified who they were or whether subsequent publications came from the same entity, is an attack vector.

There is a time and place for anonymity, but I don't think a dependency registry is one of them (most of the time). And I think if you're going to make a new registry, such verification is a way to make yourself different.



> if subsequent publications came from the same entity

The way you do that is by having signed packages. Gov IDs don't help with that, unless the registry verified the ID every time you published an update, which is impractical (unless you have a smart ID card, but most governments don't issue those).
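Key continuity as the comment above describes it, as an added example that is not from this thread: a Go sketch (standard-library ed25519) in which the registry pins the first publishing key seen for a package name and rejects later releases signed by any other key, so "the same entity" is established by possession of the signing key rather than by any identity document. The package names, version strings and digests are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Release is what a publisher uploads: digest, claimed key, and a signature binding them.
type Release struct {
	Name, Version string
	Digest, Sig   []byte
	PubKey        ed25519.PublicKey
}
var ErrBadSignature = errors.New("signature does not verify under the claimed key")
var ErrKeyMismatch = errors.New("signing key differs from the key pinned at first publication")

// Registry pins the first key seen for each package name (trust on first use).
type Registry struct{ pinned map[string]ed25519.PublicKey }
func NewRegistry() *Registry { return &Registry{pinned: map[string]ed25519.PublicKey{}} }

// signedMessage binds name and version so one release's signature cannot be replayed as another.
func signedMessage(name, version string, digest []byte) []byte {
	return append([]byte(name+"\x00"+version+"\x00"), digest...)
}

// SignRelease is the publisher side; the private key never reaches the registry.
func SignRelease(priv ed25519.PrivateKey, name, version string, digest []byte) Release {
	sig := ed25519.Sign(priv, signedMessage(name, version, digest))
	return Release{name, version, digest, sig, priv.Public().(ed25519.PublicKey)}
}

// Publish rejects a bad signature and, for a known package, any key other than the pinned one.
func (r *Registry) Publish(rel Release) error {
	if !ed25519.Verify(rel.PubKey, signedMessage(rel.Name, rel.Version, rel.Digest), rel.Sig) {
		return ErrBadSignature
	}
	if pin, ok := r.pinned[rel.Name]; ok && !pin.Equal(rel.PubKey) {
		return ErrKeyMismatch
	}
	r.pinned[rel.Name] = rel.PubKey
	return nil
}

func main() {
	_, a, _ := ed25519.GenerateKey(rand.Reader) // original publisher
	_, b, _ := ed25519.GenerateKey(rand.Reader) // different party reusing the package name
	reg := NewRegistry()
	fmt.Println(reg.Publish(SignRelease(a, "example-pkg", "1.0.0", []byte("constructed digest v1"))))
	fmt.Println(reg.Publish(SignRelease(b, "example-pkg", "1.0.1", []byte("constructed digest v2"))))
}
```

A real registry would also need a rotation path (a new key endorsed by the old one) and revocation, which this sketch leaves out.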



