lvass | 4 months ago

Why didn't crates.io maintainers apply the patch themselves? NPM does meddle with packages when an incident happens like they did with left-pad.

woodruffw | 4 months ago

I think that would be pretty disruptive, and would break some assumptions around crate integrity that are deeply held.

My understanding is that the left-pad incident is not directly analogous, since it involved restoring a deleted package rather than modifying an extant package.

eviks | 4 months ago

Do you have a more relevant example of meddling besides a binary block/publish?