crates.io: Malicious crates faster_log and async_println | Rust Blog (blog.rust-lang.org)
from turbohz@programming.dev to rust@programming.dev on 25 Sep 07:35
https://programming.dev/post/38042584

#rust


thingsiplay@beehaw.org on 25 Sep 07:39

Not again…

Starfighter@discuss.tchncs.de on 25 Sep 07:50

As long as people are using Rust, it will necessarily attract this kind of action. This won’t be the last attack we will see.

I think the team has handled it quite well.

INeedMana@piefed.zip on 25 Sep 08:06

What are the proper crates that the malicious ones were pretending to be? (I’m new to Rust)

fartsparkles@lemmy.world on 25 Sep 08:13

Both were impersonating fast_log.

INeedMana@piefed.zip on 25 Sep 08:19

Thanks :)

async_println is a part of fast_log?

fartsparkles@lemmy.world on 25 Sep 08:28

Both faster_log and async_println were purely malicious packages (not taken over and turned malicious).

I know faster_log is typosquatting / luring fast_log users but I’m not sure about async_println (which was a clone of the malicious faster_log).

async_std::print is a thing so I guess trying to lure users who search crates before docs :shrug:

nebeker@programming.dev on 25 Sep 10:19

I mean, if you want your prints to be asynchronous you’re looking for trouble to begin with.

The previous statement is a joke.

Ephera@lemmy.ml on 25 Sep 10:09

Damn, expected something like this to happen or, well, be detected after the big NPM attacks.

amgdvx@programming.dev on 25 Sep 16:47

Seriously, more effort and investment should be put into code scanners if we want a bright future for modern software development.