Hi! I did a search for serde_json on crates.io, and I noticed the results contained a number of listings that appear to be simply alternate names for the same crate. For example: serde_json_untagged, alt_serde_json, hc_serde_json, and I think there are several others. Some of them have different version numbers, but they all seem to point to the same codebase and documentation, and I haven't found any explanation of what these different names mean.
What's going on here? Do these variants actually mean anything, or are they just artifacts of the crate publishing process?
Those are all different crates.
They just look alike, because some appear to have the same README.
But you can clearly see, that they have different versions and owners.
OK, but given that they are linked to the same GitHub repo and the same API docs, there is no apparent indication of what the different names mean or why someone would choose to use one or another. It's not terribly important, and I have no specific reason to use anything other than the main serde_json crate ... it just seems strange.
You can set whatever URL you want as repository and documentation in your Cargo.toml. This is also how potentially malicious crates may act, though I am not saying that these particular crates are malicious.
hc_serde_json, for example, looks like simply a vendored fork, that is, the same codebase published for organization's internal use (i.e. to avoid bumping the dependency versions accidentally).
People who fork libraries and publish them, whatever their reason for forking, do not always update the README to explain their fork, or the repository link to point to their repository. This is unfortunate, but something you have to watch out for.
(It’d be neat if crates.io would display “this package’s contents don’t seem to match its repository link”, but that is not trivial to implement in a practical way.)