• amgdvx@programming.dev · 2 upvotes · 12 hours ago

    Seriously, more effort and investment should be put into code scanners if we want a bright future for modern software development.

    • Starfighter@discuss.tchncs.de · 11 upvotes · 21 hours ago

      As long as people are using Rust, it will necessarily attract this kind of action. This won’t be the last attack we will see.

      I think the team has handled it quite well.

  • Ephera@lemmy.ml · 3 upvotes · 18 hours ago

    Damn, expected something like this to happen or, well, be detected after the big NPM attacks.

  • INeedMana@piefed.zip · 2 upvotes · 20 hours ago

    What are the proper crates that the malicious ones were pretending to be? (I’m new to Rust)

        • fartsparkles@lemmy.world · 5 upvotes · 20 hours ago (edited)

          Both faster_log and async_println were purely malicious packages (not taken over and turned malicious).

          I know faster_log is typosquatting / luring fast_log users, but I’m not sure about async_println (which was a clone of the malicious faster_log).

          async_std::print is a thing, so I guess it's trying to lure users who search crates before docs :shrug:

          • nebeker@programming.dev · 2 upvotes · 18 hours ago

            I mean, if you want your prints to be asynchronous you’re looking for trouble to begin with.

            The previous statement is a joke.
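The lookalike-name trick described in fartsparkles' comment above (faster_log luring fast_log users) is something a project can check for on its own side. The following is an added example, not code from the thread or from any of the crates mentioned: it scans the `[dependencies]` sections of a Cargo.toml and flags any dependency that is not on a list of crates you already trust but sits within a couple of edits of one. The Cargo.toml text and the "known crates" list are constructed samples; a real deployment would feed in the project's actual manifest and a curated allowlist, and the line-based parser here is deliberately minimal rather than a full TOML implementation.

```rust
// Added example (not from the thread): flag Cargo.toml dependencies whose
// names look like near-misses of crates you already trust.

use std::collections::HashSet;

/// Constructed sample manifest containing one typosquat-style name.
const SAMPLE_CARGO_TOML: &str = r#"
[package]
name = "demo"

[dependencies]
serde = "1"
faster_log = "1.0"
tokio = { version = "1", features = ["full"] }

[dependencies.async_println]
version = "0.1"
"#;

/// Constructed allowlist of crates the project already trusts (hypothetical).
const KNOWN_CRATES: &[&str] = &["serde", "tokio", "fast_log", "async-std", "log"];

/// Levenshtein edit distance between two already-normalised names.
fn edit_distance(a: &str, b: &str) -> usize {
    let a: Vec<char> = a.chars().collect();
    let b: Vec<char> = b.chars().collect();
    let mut prev: Vec<usize> = (0..=b.len()).collect();
    let mut cur = vec![0; b.len() + 1];
    for i in 1..=a.len() {
        cur[0] = i;
        for j in 1..=b.len() {
            let cost = if a[i - 1] == b[j - 1] { 0 } else { 1 };
            cur[j] = (prev[j] + 1).min(cur[j - 1] + 1).min(prev[j - 1] + cost);
        }
        std::mem::swap(&mut prev, &mut cur);
    }
    prev[b.len()]
}

/// Normalise the way crates.io compares names: lowercase, `-` and `_` equivalent.
fn normalise(name: &str) -> String {
    name.to_ascii_lowercase().replace('-', "_")
}

/// Collect dependency names from `[dependencies]`, `[dev-dependencies]`,
/// `[build-dependencies]` and `[dependencies.<name>]` tables.
/// Minimal line-based parsing, not a full TOML parser.
fn dependency_names(cargo_toml: &str) -> Vec<String> {
    let mut names = Vec::new();
    let mut in_deps = false;
    for raw in cargo_toml.lines() {
        let line = raw.trim();
        if line.is_empty() || line.starts_with('#') {
            continue;
        }
        if line.starts_with('[') {
            let section = line.trim_matches(|c| c == '[' || c == ']');
            if let Some(name) = section.strip_prefix("dependencies.") {
                // `[dependencies.foo]` names the dependency in the header itself
                names.push(name.to_string());
                in_deps = false;
            } else {
                in_deps = matches!(section, "dependencies" | "dev-dependencies" | "build-dependencies");
            }
            continue;
        }
        if in_deps {
            if let Some((key, _)) = line.split_once('=') {
                names.push(key.trim().trim_matches('"').to_string());
            }
        }
    }
    names
}

/// A dependency that is not trusted but closely resembles a trusted crate.
#[derive(Debug, PartialEq)]
struct Lookalike {
    dependency: String,
    resembles: String,
    distance: usize,
}

/// Report every untrusted dependency within `max_distance` edits of a trusted one.
fn find_lookalikes(cargo_toml: &str, known: &[&str], max_distance: usize) -> Vec<Lookalike> {
    let trusted: HashSet<String> = known.iter().map(|k| normalise(k)).collect();
    let mut hits = Vec::new();
    for dep in dependency_names(cargo_toml) {
        let n = normalise(&dep);
        if trusted.contains(&n) {
            continue; // exact (normalised) match: this is the trusted crate itself
        }
        let mut best: Option<(String, usize)> = None;
        for k in known {
            let d = edit_distance(&n, &normalise(k));
            if d <= max_distance && best.as_ref().map_or(true, |(_, bd)| d < *bd) {
                best = Some((k.to_string(), d));
            }
        }
        if let Some((resembles, distance)) = best {
            hits.push(Lookalike { dependency: dep, resembles, distance });
        }
    }
    hits
}

fn main() {
    for hit in find_lookalikes(SAMPLE_CARGO_TOML, KNOWN_CRATES, 2) {
        println!("{} resembles trusted crate {} (edit distance {})", hit.dependency, hit.resembles, hit.distance);
    }
}
```

With the sample manifest this reports faster_log as two edits away from fast_log, while async_println is left alone because nothing on the allowlist is within two edits of it, which is exactly the gap fartsparkles points out: a name chosen to match what people search for rather than an existing crate's spelling will not trip a pure edit-distance check, so this belongs alongside review of new dependencies rather than replacing it.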