crates.io VS Cargo

Crates.io has filled in the gaps that used to make Rust feel incomplete for backend work. There’s a crate for almost everything now serialization, database access, observability, AWS integrations. It’s not Go’s ecosystem in terms of breadth, but it’s not the frontier territory it was three years ago either.

The ecosystem, however, is unmatched: Cargo (widely considered the best package manager in any language), 355,000+ crates on crates.io, rust-analyzer, Clippy, and compiler error messages so diagnostic they often tell you not just what broke but how to fix it.

Although Rust's standard library doesn't provide functions related to generating random numbers, the Rust team has developed external libraries with this functionality. You can find this external library by searching for rand on the official Rust crates management platform (the official package management platform and ecosystem for the Rust programming language). This webpage provides very detailed information about this library.

In particular a number of other projects assume that you have a GitHub account. https://github.com/rust-lang/crates.io/issues/326 has been open for literally a decade without any meaningful work. If you want to publish a Lean software packages on Reservoir, the official Lean package registry, their requirements (https://reservoir.lean-lang.org/inclusion-criteria) not only specify a GitHub project specifically, but having at least two stars on GitHub as a "basic quality filter". Microsoft is a big funder of Lean and I can't help but think this is a deliberate restriction to increase lock-in on a Microsoft-owned platform.

Publish your crate to crates.io and anyone with Rust installed can run:

Surrealism surpasses this limitation by letting you define functions in Rust instead, with all of the available bells and whistles that you get from the Cargo package manager and crates.io ecosystem.

crates.io - Official registry

Head over to https://crates.io/ and create an account. You'll need to link it to your GitHub account (or another supported provider) for authentication.

В Elixir есть Mix. В Rust есть Cargo. В Ruby есть Bundler и RubyGems. В Haskell есть Cabal и Stack. В JavaScript есть npm, pnpm и Yarn. В Go есть modules.

The Cargo Book

> It may have been nice to expose some reasonable defaults for code coverage measurements too.

Would love built in coverage support but investigation is needed on the design (https://github.com/rust-lang/cargo/issues/13040) and we likely need to redo how we handle doctests (https://blog.rust-lang.org/inside-rust/2025/10/01/this-devel...).

Cargo package manager: https://doc.rust-lang.org/c

https://www.rust-lang.org/ https://doc.rust-lang.org/cargo/ https://doc.rust-lang.org/cargo/getting-started/installation.html

cargo, rustfmt, clippy, rust-analyzer, and Rust’s robust unit testing capabilities together form a powerful ecosystem for managing large-scale projects like Spin.

That work is being tracked in https://github.com/rust-lang/cargo/issues/5931

Someone has taken up the work on this though there are some foundational steps first.

1. We need to delineate intermediate and final build artifacts so people have a clearer understanding in `target/` what has stability guarantees (implemented, awaiting stabilization).

2. We then need to re-organize the target directory from being organized by file type to being organized by crate instance.

3. We need to re-do the file locking for `target/` so when we share things, one cargo process won't lock out your entire system

4. We can then start exploring moving intermediate artifacts into a central location.

There are some caveats to this initial implementation

- To avoid cache poisoning, this will only items with immutable source that and an idempotent build, leaving out your local source and stuff that depends on build scripts and proc-macros. There is work to reduce the reliance on build scripts and proc-macros. We may also need a "trust me, this is idempotent" flag for some remaining cases.

- A new instance of a crate will be created in the cache if any dependency changes versions, reducing reuse. This becomes worse when foundation crates release frequently and when adding or updating a specific dependency, Cargo prefers to keep all existing versions, creating a very unpredictable dependency tree. Support for remote caches, especially if you can use your project's CI as a cache source, would help a lot with this.

> It seems wild to consider such intermediate files as part of public API. Someone relying on it does not automatically make it a breaking change if it’s not documented.

To find what is considered an intermediate vs a final artifact from cargo, you need to check out https://doc.rust-lang.org/cargo/reference/build-cache.html

We are working on making this clearer with https://github.com/rust-lang/cargo/issues/14125 where there will be `build.build-dir` (intermediate files) and `build.target-dir` (final artifacts).

When you do a `cargo build` inside of a library, like `clap`, you will get an rlip copied into `build.target-dir` (final artifacts). This is intended for integration with other build systems. There are holes with this workflow though but identifying all of the relevant cases for what might be a "safe" breakage is difficult.

See https://github.com/rust-lang/cargo/issues/13897 and https://github.com/rust-lang/cargo/issues/13897#issuecomment... .