Smuggling malicious code into crates.io ?

Our great sponsors

WorkOS - The modern identity platform for B2B SaaS

InfluxDB - Power Real-Time Data Analytics at Scale

SaaSHub - Software Alternatives and Reviews

Our great sponsors

crates.io

102 2,781 10.0 Rust

The Rust package registry

I'm discussing Go vs Rust with my boss. He says Go has a better packaging system than rust, because it's possible to publish different code on crates.io than the repo on github. That way, one can accidentally import malicious code, even if one looks at the source code on github. In Go on the other hand, code is pulled from the repo directly, and a database of go.sum hashes ensures that it's always the exact same code.
WorkOS

workos.com
sponsored

The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Show HN: a Rust Based CLI tool 'imgcatr' for displaying images
4 projects | news.ycombinator.com | 16 Apr 2024
A lightweight ORM library for Rust
1 project | news.ycombinator.com | 16 Apr 2024
Show HN: Asak – cross-platform audio recording/playback CLI tool written in Rust
1 project | news.ycombinator.com | 16 Apr 2024
Bloop – AI Legacy Code Modernisation
1 project | news.ycombinator.com | 15 Apr 2024
Show HN: MyFirst Rust Project: Finding unused Python packages
1 project | news.ycombinator.com | 15 Apr 2024

Smuggling malicious code into crates.io ?

This page summarizes the projects mentioned and recommended in the original post on /r/rust Post date: 10 May 2022

crates.io

WorkOS

Related posts