:ferris_gesture: crates.io has an experimental dark UI mode now! 😱
we finally implemented our most upvoted feature request over the past weeks. while we are still searching for potential issues, the default mode is "Light". once we feel confident about the dark mode we will switch it over to "System".
let us know via https://github.com/rust-lang/crates.io/issues if you find any issues!
@ironchamber Honestly? If I’m writing Rust code, I just pull the `wasi` package from crates.io. Or if for some reason I’m using a custom interface I either copy-paste it or use git submodules.
To vendor or to fork? That is the question.
Since #Rust Crates.io started giving #RUSTSEC warnings on the unmaintained status of the #yaml-rust library, there's a bit of a panic, not least because 1,000s of crates depend on it.
This article by the maintainer of the Insta snapshot testing tool gives a nice analogy to Collateralized Debt Obligations (CDOs) with considerations on whether you should fork or might vendor the lib.
The pkgx.dev thing was doing the rounds yesterday and today, and it turns out that it's related to something else I've seen this week, which is tea.xyz, which tries to incentivise FOSS contributions with magic beans cryptocurrency.
Anyway, it turns out that if you make that incentive, you also make an incentive for spammy PRs and hamfisted attempts to fork and typosquat known packages to get some of those magic beans based on hopefully tricking people into installing your fork rather than the upstream.
At least the crates.io typosquatting detection seems to be doing its job. 😬
(hat tips to @web3isgreat and @molly0xfff)
@chas Yes, to crates.io, npmjs.org, etc. At least Go doesn't create any issues apart from potentially slowing searches for suitable dependencies.
Sorry for the confusion.
@NumbersCanBeFun@lethallava.land yep, but the problem occurs in any language/package repository (npmjs, crates.io, GitHub, ...)