> Then once things are fairly stable and well-understood, another person can just yoink it.

That transparency & availability for community contributions or forks is the point of open-source.

If you're only using open-source as marketing because you're bad at marketing, then you should probably go closed source & find a non-technical business partner.

Whoever "yoinks" the package runs into the same problem because they now have to build credibility somehow to actually profit from it.