I don’t think the basic General registry should be the place for thorough reviews. It’s the de facto way to hook a package into all the great package manager functionality and version control. Restricting access to it seems odd, besides prohibiting name-squatting and malicious packages.
Users should really be in charge of deciding the bar for including a package in their project. We’ve encountered this several times, and what people consider “low quality” varies dramatically across domains and individuals. Arbitrarily making a “low quality” package harder to install would be a strange step.
I think there’s a place for a curated registry of high-quality packages. Going with the journal analogy: we should have a free-for-all arXiv that offers basic infrastructure for the package manager to do its thing (like I think the current setup mostly is), and we could have high-quality registries or curated lists that essentially give packages a badge of honor/quality - only for discovery and for getting newcomers started.