crates.io phishing attempt
Earlier this week, there was an npm supply chain attack.
Now it’s the turn of crates.io, the main public repository for Rust crates (packages).
The phishing e-mail looks like this:
And it leads to a GitHub login page that looks like this:
Several maintainers received it — the issue is being discussed on GitHub.
The crates.io team has acknowledged the attack and said they’d see if they can do something about it.
No compromised packages have been identified as of yet (Sep 12, 14:10 UTC).
Important links: