this post was submitted on 25 Sep 2025
34 points (100.0% liked)

Rust

7357 readers
39 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 2 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
EdTheLegendary@programming.dev
kahnclusions@programming.dev
torcherist@programming.dev
34
crates.io: Malicious crates faster_log and async_println | Rust Blog (blog.rust-lang.org)
submitted 15 hours ago by turbohz@programming.dev to c/rust@programming.dev
8 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] INeedMana@piefed.zip 2 points 15 hours ago (1 children)

What are the proper crates that the malicious ones were pretending to be? (I'm new to Rust)

[–] fartsparkles@lemmy.world 4 points 15 hours ago (1 children)

Both were impersonating fast_log.

[–] INeedMana@piefed.zip 1 points 15 hours ago* (last edited 15 hours ago) (1 children)

Thanks :)

async_println is a part of fast_log?

[–] fartsparkles@lemmy.world 5 points 14 hours ago* (last edited 14 hours ago) (1 children)

Both faster_log and async_println were purely malicious packages (not taken over and turned malicious).

I know faster_log is typosquatting / luring fast_log users but I’m not sure about about async_println (which was a clone of the malicious faster_log).

async_std::print is a thing so I guess trying to lure users who search crates before docs :shrug:

[–] nebeker@programming.dev 2 points 13 hours ago

I mean, if you want your prints to be asynchronous you’re looking for trouble to begin with.

The previous statement is a joke.