Recent lib.rs site improvements

  • Typo correction in search.
    If you search for "serrde", you will get "Did you mean serde?". It's a simple correction based on Levenshtein distance, so don't expect Google-level smarts. It kicks in when there are no results, or the results seem low quality.

  • Short URLs avoid bad crates.
    For most crates you can open lib.rs/crate_name to get the crate's page. However, if the crate is obsolete or the name is squatted, it will direct to search instead. For example, https://lib.rs/git, instead of showing some placeholder crate from 2015, will direct to a search for git with better options.

  • Pages of junk/obsolete crates are made to look obviously bad (…if you clear cache and reload the CSS).
    There are some pretty old, deprecated, unmaintained crates that nobody should be using any more. I've realized it's weird that they're displayed the same way as any good crate, and it was up to the reader to notice the small clues that they're expired. But the site knows they're bad, so they should look bad, and I've made their pages look bad. The whole page is grayed out, hard to read on purpose, so you can't miss it. The only readable parts are the date of last release, and the "see also" section.

  • More "see also" suggestions at the bottom of the crate page.
    They were based on keywords, and now there are also a few based on similarity of the readme text.

  • There's a new "Biology" category, which is mostly DNA sequencing.

  • Mastodon links are supported on owner profile pages. They're read from GitHub profiles and the rustaceans.org repo.

I'm also working on identifying "trusted" owners and crates. I've heard many times that the biggest worry people have with dependencies is supply-chain attacks due to trusting "random strangers". My current approach is to bootstrap a web of trust from users in the rust-lang org (and to a lesser extent, a few other well-known orgs) and pass on some of that trust to people they've collaborated with, proportional to a few factors like popularity of crates they share (if you give publish access to a popular crate to someone, you have to trust them!). I'm not displaying this on the site, and it's only a small fraction of ranking, because I'm concerned about a couple of things: a) I'm worried that people who don't end up included in this web-of-trust may take it personally, b) inferring trust from org and crate memberships might have side effects, like incentivising bad actors to join the trusted orgs.

31 Likes
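
The trust bootstrapping described in the post above, sketched as an added example; it is not part of the original thread and not lib.rs's code. The owner and crate names, the popularity weights, the `DAMPING` factor and the "strongest co-owner vouches" rule are all assumptions made for illustration.

```rust
use std::collections::HashMap;

/// One crate: who can publish it, and a popularity weight in 0.0..=1.0.
struct CrateInfo { owners: Vec<&'static str>, popularity: f64 }

/// Constructed sample data (hypothetical owners and crates).
fn sample_crates() -> Vec<CrateInfo> {
    vec![
        CrateInfo { owners: vec!["alice", "bob"], popularity: 0.8 },  // popular, co-owned with a seed
        CrateInfo { owners: vec!["bob", "carol"], popularity: 0.1 },  // obscure, one hop further out
        CrateInfo { owners: vec!["mallory"], popularity: 0.9 },       // popular, but no link to a seed
    ]
}

/// Seeds start at trust 1.0. In each round, the most trusted owner of a crate
/// passes `trust * popularity * DAMPING` to the crate's other owners.
/// An owner keeps the highest value received; unreachable owners get no entry.
fn propagate(seeds: &[&'static str], crates: &[CrateInfo], rounds: usize) -> HashMap<&'static str, f64> {
    const DAMPING: f64 = 0.5; // assumed: trust halves with every hop
    let mut trust: HashMap<&'static str, f64> = seeds.iter().map(|s| (*s, 1.0)).collect();
    for _ in 0..rounds {
        let snapshot = trust.clone(); // one hop per round, independent of crate order
        for c in crates {
            let best = c.owners.iter().filter_map(|o| snapshot.get(o)).cloned().fold(0.0, f64::max);
            let passed = best * c.popularity * DAMPING;
            if passed <= 0.0 { continue; }
            for o in &c.owners {
                let entry = trust.entry(*o).or_insert(0.0);
                if passed > *entry { *entry = passed; }
            }
        }
    }
    trust
}

fn main() {
    // "alice" stands in for a rust-lang org member used as the trust seed.
    let trust = propagate(&["alice"], &sample_crates(), 2);
    let mut rows: Vec<_> = trust.iter().collect();
    rows.sort_by(|a, b| b.1.partial_cmp(a.1).unwrap());
    for (owner, score) in rows { println!("{owner}: {score:.3}"); }
}
```

Popularity alone earns nothing here: the owner with no path to a seed stays unscored. The same rule also shows concern (b) from the post, since anyone granted publish access to the seed's popular crate would inherit the co-owner's score.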

I noticed that there are some shady crates that are just forks published under another name.

Anything lib.rs can do about that?

It's a tough problem, because sometimes forks are legitimately useful. I've manually blocked one user who seemed to be suspiciously spammy, but I don't have any automated logic for detecting useless forks.

2 Likes

Just out of curiosity, is there some reason there's not an obvious link to a crate's crates.io page directly on a crate's main page on lib.rs? I found one by going to the "Installation" sub-page and noticing that it shows up as a "tab" next to the "Instructions" tab you initially get placed on there, but it feels very much out of the way and definitely out of place.

There isn't. The link on the installation page is for those who really, really like the copy&paste method of updating Cargo.toml, which I deliberately don't have, because I think it's obsolete since cargo add is built in.

Some crates have badges that link to crates.io, and these links should work too.

What information/functionality are you looking for?

lib.rs is awesome, thank you a lot for maintaining it! <3

1 Like
