Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.
Endigest AI Core Summary
The crates.io team announces a policy change regarding notifications for malicious crates detected on the registry.
•Blog posts will no longer be published for every malicious crate removal; only RustSec advisories will be issued in most cases.
•Crates with real-world usage or active exploitation will still receive both a blog post and a RustSec advisory.
•Users can subscribe to the RustSec advisory RSS feed to stay informed about removed malicious crates.
•Recent removals include finch_cli_rust/finch-rst/sha-rst (credential exfiltration impersonating finch_cli) and two polymarket-clients-sdk variants (impersonating polymarket-client-sdk).
•In all cases, crates were deleted, publisher accounts disabled, and upstream providers notified.
This summary was automatically generated by AI based on the original article and may not be fully accurate.
Rust
The Hacker News