High crate download rates from crates.io

I just noticed there seem to be very high download rates from crate.io for my crates in February. For example it says that on Feb 23, the crate was downloaded 2,821 times! Something strange is going on I would say, maybe some kind of denial of service attack? Or just some blundering out-of-control spider or something. Incidentally the preview features is reporting a 404 error code for this link:

https://crates.io/crates/rustdb

2 Likes

... Or you just have found some new users that like your crate :sweat_smile: Definitely can't see the same behaviour in February for my crates lol. Also 2,821 downloads hardly count as a DoS attack, given that something like syn has like a million downloads every weekday.

4 Likes

I don't think that is at all plausible! I don't think I have any at all apart from myself, LOL. Let alone nearly 3,000 in a day!

Yeah, in my experience your download rate can behave strangely sometimes. All you need is one project with a decently sized CI pipeline without proper caching pulling in your lib and you get hundreds or thousands downloads more from one day to the next.

3 Likes

The download data is very noisy. crates-io counts everything, and has no anti-spam, throttling or filtering of the downloads.

Usually the numbers are inflated by bots, crates-io mirrors, and Docker builds that redownload everything every time.

4 Likes

Crates.io recently switched from counting downloads via requests to the application to counting downloads by parsing CDN logs. Here's a zulip thread about it; I think a blog post is coming soon. https://rust-lang.zulipchat.com/#narrow/stream/318791-t-crates-io/topic/download.20counting.20via.20CDN.20logs

There are some tools/mirrors that were hitting the CDN directly: those downloads weren't being counted before and now they are.

9 Likes

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.