Rust Malware Staged on Crates.io - eviltoast
  • Lucky@lemmy.ml
    link
    fedilink
    arrow-up
    7
    ·
    1 year ago

    Another way to mitigate type squatting would be namespacing crates. Much easier to verify who owns the package and related packages

    • Vorpal@programming.dev
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Doesn’t really help: what if you typo the namespace instead? Same exact issue. Namespaces are useful for other things though, but not security.