Lib.rs

Issues found

Based on crates you own that have been published to crates.io. The best way to monitor these issues is to subscribe to the atom feed in your RSS reader.

• fastrace

  • The Cargo package has no git commit information

    Before publishing a package, make sure all packaged files are committed to the repository, and there are no "dirty" files. Push this commit to crate's public repository.

    To protect against supply chain attacks similar to CVE-2024-3094, lib.rs will soon start flagging non-reproducible packages without public source code as suspicious. Currently only git repositories are supported (but may be hosted anywhere, not just GitHub). If you'd like a different SCM supported, please file a feature request.

    More info

  • Failed to verify create's content against its repository

    Verified 37 out of 38 files (includes 3 Cargo-generated).

    • warning: The crates.io package has no commit hash associated with it.
      • Publish a new version, without using --allow-dirty flag. Make sure all changes are committed before publishing. Use include/exclude in Cargo.toml to omit unnecessary files.
    • warning: There is no matching git tag containing version '0.7.9'.
    • warning: Had to perform fuzzy search of the head branch due to lack of commit information in the package.

    Files in the crates.io crate compared to the repository:

    • Cargo.lock not found.
    • Cargo.toml.orig does not match the repository.
    • README.md does not match the repository.

    Looked for the crate in fastrace/. Fetched https://github.com/fast/fastrace.git 92fea1995123fb0870c0409f5c9fc2c76153ae4c.

    Checked on 2025-04-27

    This check is experimental.

    Forum thread

• arraydeque, simsearch, byte

  • License MIT/Apache-2.0 is not in SPDX syntax

    Use OR instead of /.

    SPDX license list

• tdigests

  • Missing categories

    Categories improve browsing of lib.rs and crates.io. Add categories = ["…"] to the Cargo.toml.

    Even if there are no categories that fit precisely, pick one that is least bad. You can also propose new categories in crates.io issue tracker.

    List of available categories

  • Published crate doesn't match its repository

    Partially verified 16 files (includes 3 Cargo-generated).

    Files in the crates.io crate compared to the repository:

    • Cargo.lock not found.

    Fetched https://github.com/andylokandy/tdigests.git 042db7b82b1fcd1276ccc7041948d87153073759.

    Checked on 2024-11-03

    Forum thread

• logcall

  • Imprecise dependency requirement syn = 2

    Cargo does not always pick latest versions of dependencies! Specify the version as syn = "2.0.101". If Cargo.lock ends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using the minimal-versions flag, used by users of old Rust versions.

    This crate does not bump semver-minor when adding new features, so to be safe you get all the features/APIs/fixes that your crate depends on, require a more specific patch version.

    syn versions

  • Published crate doesn't match its repository

    Partially verified 29 files (includes 2 Cargo-generated).

    Fetched https://github.com/fast/logcall.git 6b05a9356e7d8a78cb0181d3c75cc1c2d1a6c834.

    Checked on 2024-12-29

    Forum thread

• minstant

  • Published crate doesn't match its repository

    Partially verified 12 files (includes 2 Cargo-generated).

    Fetched https://github.com/tikv/minstant.git d9f6901fead41cfaa42a4bac9e5bf7a2d1461829.

    Checked on 2024-08-04

    Forum thread

  • Dependency ctor 0.1.20 is outdated

    Upgrade to 0.4.2 to get all the fixes, and avoid causing duplicate dependencies in projects.

    In Cargo, different 0.x versions are considered incompatible, so this is a semver-major upgrade.

    ctor versions

  • Missing categories

    Categories improve browsing of lib.rs and crates.io. Add categories = ["concurrency"] to the Cargo.toml.

    List of available categories

  • Optional dependency 'coarsetime' exposed as an implicit feature

    Cargo automatically makes publicly-available crate features for every optional dependency, unless the dependencies are referenced using dep: syntax. Feature 'coarsetime' may have been unintentional.

    Crate features

• simsearch

  • Dependency triple_accel 0.3.4 is significantly outdated

    Upgrade to 0.4.0 to get all the fixes, and avoid causing duplicate dependencies in projects.

    triple_accel versions

  • Dependency strsim 0.10 is outdated

    Upgrade to 0.11.1 to get all the fixes, and avoid causing duplicate dependencies in projects.

    strsim versions

  • Failed to verify create's content against its repository

    Partially verified 13 files (includes 2 Cargo-generated).

    • warning: Crate tarball has been published from a different commit than the commit tagged by git tag '0.2.5'.
      • Create git tags after comitting any changes, and commit changes after bumping versions and running cargo update.

    Fetched https://github.com/andylokandy/simsearch-rs.git 706aaa33cdc45814c006c59b3ddf37349bc5d32c.

    Checked on 2024-08-10

    Forum thread

• fastrace-axum

  • Published crate doesn't match its repository

    Partially verified 15 files (includes 3 Cargo-generated).

    Files in the crates.io crate compared to the repository:

    • Cargo.lock does not match the repository.

    Fetched https://github.com/fast/fastrace-axum.git 8a4c3d9c2203b84bbc4deb64a97d7a616c0c5a38.

    Checked on 2025-03-30

    Forum thread

  • Dependency logforth 0.23 is a bit outdated

    Consider upgrading to 0.24.0 to get all the fixes and improvements.

    logforth versions

• tikv-client

  • Dependency async-recursion 0.3 is significantly outdated

    Upgrade to 1.1.0 to get all the fixes, and avoid causing duplicate dependencies in projects.

    Easy way to bump dependencies: cargo install cargo-edit; cargo upgrade -i; Also check out Dependabot service on GitHub.

    async-recursion versions

  • Dependency tonic 0.10 is significantly outdated

    Upgrade to 0.13.0 to get all the fixes, and avoid causing duplicate dependencies in projects.

    tonic versions

  • Published crate doesn't match its repository

    Partially verified 141 files (includes 3 Cargo-generated).

    Files in the crates.io crate compared to the repository:

    • Cargo.lock not found.

    Fetched https://github.com/tikv/client-rust.git bd14485ca796a4026fb404b9b56c61a83c13284a.

    Checked on 2024-08-04

    Forum thread

  • Dependency derive-new 0.5 is outdated

    Consider upgrading to 0.7.0 to get all the fixes and improvements.

    derive-new versions

  • Dependency fail 0.4 is outdated

    Consider upgrading to 0.5.1 to get all the fixes and improvements.

    fail versions

  • Dependency prometheus 0.13 is a bit outdated

    Consider upgrading to 0.14.0 to get all the fixes and improvements.

    prometheus versions

  • Dependency prost 0.12 is outdated

    Upgrade to 0.13.5 to get all the fixes, and avoid causing duplicate dependencies in projects.

    prost versions

  • Dependency rand 0.8 is a bit outdated

    Consider upgrading to 0.9.1 to get all the fixes and improvements.

    rand versions

  • Dependency thiserror 1 is a bit outdated

    Consider upgrading to 2.0.12 to get all the fixes and improvements.

    thiserror versions

  • Imprecise dependency requirement lazy_static = 1

    Cargo does not always pick latest versions of dependencies! Specify the version as lazy_static = "1.5.0". If Cargo.lock ends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using the minimal-versions flag, used by users of old Rust versions.

    If you want to keep using truly minimal dependency requirements, please make sure you test them in CI with -Z minimal-versions Cargo option, because it's very easy to accidentally use a feature added in a later version.

    lazy_static versions

  • Missing categories

    Categories improve browsing of lib.rs and crates.io. Add categories = ["database"] to the Cargo.toml.

    List of available categories

• fastrace-tracing

  • Published crate doesn't match its repository

    Partially verified 14 files (includes 2 Cargo-generated).

    Fetched https://github.com/fast/fastrace-tracing.git 6d6158621de9ea3b24465dfab4b7cb841e90615c.

    Checked on 2025-03-30

    Forum thread

  • Dependency logforth 0.23 is a bit outdated

    Consider upgrading to 0.24.0 to get all the fixes and improvements.

    logforth versions

• byte

  • Published crate doesn't match its repository

    Partially verified 15 files (includes 2 Cargo-generated).

    Fetched https://github.com/andylokandy/byte.git 369bbbadd1b83612a11a9563a86caac52aa4b768.

    Checked on 2024-08-10

    Forum thread

• minitrace-opentelemetry

  • Dependency opentelemetry 0.23 is significantly outdated

    Upgrade to 0.29.1 to get all the fixes, and avoid causing duplicate dependencies in projects.

    opentelemetry versions

  • Dependency opentelemetry_sdk 0.23 is significantly outdated

    Upgrade to 0.29.0 to get all the fixes, and avoid causing duplicate dependencies in projects.

    opentelemetry_sdk versions

• minitrace

  • Reported security advisory RUSTSEC-2024-0390

    minitrace is Unmaintained

    All crate audits

  • Dependency rand 0.8 is a bit outdated

    Consider upgrading to 0.9.1 to get all the fixes and improvements.

    rand versions

  • Dependency rtrb 0.2 is significantly outdated

    Upgrade to 0.3.2 to get all the fixes, and avoid causing duplicate dependencies in projects.

    rtrb versions

  • Imprecise dependency requirement once_cell = 1

    Cargo does not always pick latest versions of dependencies! Specify the version as once_cell = "1.21.0". If Cargo.lock ends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using the minimal-versions flag, used by users of old Rust versions.

    once_cell versions

• minitrace-jaeger, minitrace-datadog, minitrace-futures, minitrace-opentelemetry, comp, minitrace, minitrace-macro

  • The Cargo package has no git commit information

    Before publishing a package, make sure all packaged files are committed to the repository, and there are no "dirty" files. Push this commit to crate's public repository.

    More info

• scopedb-client

  • Published crate doesn't match its repository

    Partially verified 10 files (includes 2 Cargo-generated).

    Looked for the crate in rust/. Fetched https://github.com/scopedb/scopedb-sdk.git da42654286d6e982e4f7b003c12fa17cfb59e76f.

    Checked on 2025-02-23

    Forum thread

  • Dependency arrow 54.2.0 is outdated

    Upgrade to 55.0.0 to get all the fixes, and avoid causing duplicate dependencies in projects.

    arrow versions

• nom-rule

  • Imprecise dependency requirement syn = 2

    Cargo does not always pick latest versions of dependencies! Specify the version as syn = "2.0.101". If Cargo.lock ends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using the minimal-versions flag, used by users of old Rust versions.

    syn versions

  • Published crate doesn't match its repository

    Partially verified 10 files (includes 3 Cargo-generated).

    Files in the crates.io crate compared to the repository:

    • Cargo.lock not found.

    Fetched https://github.com/andylokandy/nom-rule.git 4501a00f629a19a1fe2cc6feb20c9464fdbf5ef7.

    Checked on 2025-02-02

    Forum thread

• percas-client

  • Missing categories

    Categories improve browsing of lib.rs and crates.io. Add categories = ["network-programming"] to the Cargo.toml.

    List of available categories

  • Missing keywords

    Help users find your crates. Add keywords = ["client", "percas-client", "percas", "server", "mode"] (up to 5) to the Cargo.toml. Best keywords are alternative terms or their spellings that aren't in the name or description. Also add a keyword that precisely categorizes this crate and groups it with other similar crates.

• comp

  • Latest stable release is old

    It's been over 7 years. Is this crate still maintained? Make a new release, either to refresh it, or to set

    [badges.maintenance]
    status = "deprecated"
    

    (or "as-is", "passively-maintained").

    If the crate is truly stable, why not make a 1.0.0 release?

    Maintenance status field docs

  • License MIT/Apache-2.0 is not in SPDX syntax

    Use OR instead of /.

    SPDX license list

  • Missing categories

    Categories improve browsing of lib.rs and crates.io. Add categories = ["rust-patterns"] to the Cargo.toml.

    List of available categories

• minitrace-datadog

  • Dependency reqwest 0.11 is outdated

    Upgrade to 0.12.15 to get all the fixes, and avoid causing duplicate dependencies in projects.

    reqwest versions

  • Imprecise dependency requirement rmp-serde = 1

    Cargo does not always pick latest versions of dependencies! Specify the version as rmp-serde = "1.3.0". If Cargo.lock ends up having an unexpectedly old version of the dependency, you might get a dependency that lacks features/APIs or important bugfixes that you depend on. This is most likely to happen when using the minimal-versions flag, used by users of old Rust versions.

    rmp-serde versions

• minitrace-macro

  • Dependency syn 1.0.84 is significantly outdated

    Upgrade to 2.0.101 to get all the fixes, and avoid causing duplicate dependencies in projects.

    syn versions

  • Failed to verify create's content against its repository

    Partially verified 41 files (includes 2 Cargo-generated).

    • warning: The crates.io package has no commit hash associated with it.
      • Publish a new version, without using --allow-dirty flag. Make sure all changes are committed before publishing. Use include/exclude in Cargo.toml to omit unnecessary files.
    • warning: The crates.io package has no information about its path inside its repository.
    • warning: There is no matching git tag containing version '0.6.7'.
    • warning: Had to perform fuzzy search of the head branch due to lack of commit information in the package.

    Files in the crates.io crate compared to the repository:

    • Cargo.toml.orig does not match the repository.

    Looked for the crate in minitrace-macro/. Fetched https://github.com/tikv/minitrace-rust.git d679456de432728170ed319cba2bd86ad5afe1f5.

    Checked on 2025-04-27

    Forum thread

No issues found in: logforth fastrace-reqwest fastrace-datadog fastrace-jaeger fastrace-futures fastrace-macro fastrace-opentelemetry fastrace-tonic fastrace-poem smallbox

If some of these crates are unmaintained and shouldn't be checked, yank them or add [badges.maintenance]
status = "deprecated" to their Cargo.toml.