Active supply chain attack across NPM, PyPI, and Crates.io

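An active supply chain attack is under way: 34 packages and 384 versions containing TrapDoor, a cryptocurrency-stealing malware, have been found across major package ecosystems including npm, PyPI, and Crates.io. The attackers steal sensitive information such as cryptocurrency wallets, SSH keys, cloud credentials, and GitHub tokens, and the security research team Socket detected the malicious packages within an average of 5 minutes 27 seconds. Because this attack primarily targets AI, DeFi, and security developers, immediate response and caution are needed.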

https://twitter.com/socketsecurity/status/2058565153138844043

#supplychainattack #npm #pypi #cratesio #security

Socket (@SocketSecurity) on X

🚨 BREAKING: Active supply chain attack across npm, PyPI, and Crates.io. Socket detected TrapDoor, a crypto stealer campaign hitting 34 malicious packages and 384 versions and artifacts, with attackers repeatedly pushing new releases across ecosystems. TrapDoor targets

Servo 0.1.0 Lands on crates.io: A Rust Browser Engine Becomes Embeddable

Servo releases version 0.1.0 on crates.io, allowing developers to embed the Rust browser engine directly into their applications for the first time.

https://yoota.it/en/servo-0-1-0-lands-on-crates-io-a-rust-browser-engine-becomes-embeddable/

Servo 0.1.0 arrives on crates.io, the Rust browser engine becomes a usable library

Servo publishes version 0.1.0 on crates.io, making it possible for the first time to integrate the Rust browser engine as a library in one's own applications.

https://yoota.it/servo-0-1-0-arriva-su-crates-io-il-motore-browser-in-rust-diventa-una-libreria-utilizzabile/

Tired of writing verbose RScript lines when non-interactive (or getting LOCK library errors on RStudio)? rpkg is now live on crates.io 🎉 https://crates.io/crates/rpkg

A lightweight Rust CLI to install R packages from terminal:
• CRAN/Git* packages
• Country-based mirror selection
• Git source flags: GitHub/GitLab/Bitbucket/Codeberg
• Optional library path

Feedback welcome from R + Rust folks 🙌

#rustlang #rstats #opensource #cli #cratesio

crates.io: Rust Package Registry

crates.io serves as a central registry for sharing crates, which are packages or libraries written in Rust that you can use to enhance your projects

Calamine v0.33.0 has been released:

https://crates.io/crates/calamine

https://github.com/tafia/calamine/releases/tag/v0.33.0

https://docs.rs/calamine/latest/calamine/changelog/index.html

Thanks to all the contributors and welcome to `withzombies` and `siqpush` who were new contributors in this release.

#rust #cratesio

crates.io: development update | Rust Blog

Empowering everyone to build reliable and efficient software.

How Safe is the Rust Ecosystem? A Deep Dive into crates.io

#cargo #cargodeny #cratesio #rustlang

https://mr-leshiy-blog.web.app/blog/crates_io_analysis/

I’ve tested package removing on #cratesio and it works perfectly! ❤️‍🔥
All my #FlipperZero crates just 💨

https://crates.io/keywords/flipper-zero

@jak2k I decided in 2025 that my personal requirements for publishing libraries are
- the availability of namespaces, and
- choice of authentication providers.

Let's see if crates.io ever arrives at that.

#rust #cratesio