Our great sponsors
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
The person claimed that they could take over a crates.io package this way, but they didn't actually demonstrate this, so I'm not sure (in particular, if the API uses the GitHub repository ID instead of doing an owner-name-repo-name lookup, does this sort of squatting attack still work?).
There's work toward solving that. (RFC: make Cargo embed dependency versions in the compiled binary)
I am working on a full-fledged implementation of this as a crate: https://github.com/Shnatsel/rust-audit
NOTE:
The number of mentions on this list indicates mentions on common posts plus user suggested alternatives.
Hence, a higher number means a more popular project.