Crate naming confusion - use underscores always. E.g. tokio-core and serde_derive

be1db3f
Opened by Squirrel at 2023-09-21 17:01:10

We need to make things a bit more consistent: 'extern' crate name should equal crate name in the toml file.

For example: tokio-core and serde_derive are both valid crate names.

But

extern crate tokio-core;

is a compile error as it's not a valid rust name. Instead we have to use underscore:

extern crate tokio_core;

Can we ban new crates being published on crates.io with hyphens so that we only have underscores. (Or alternatively ban underscores and only have hyphens). Worst case, can we ensure that no one can publish a crate called tokio_core if there is already a tokio-core as this is a security risk of someone publishing a malicious crate.

  1. Related discussions: https://internals.rust-lang.org/t/pre-rfc-resolve-support-for-hyphens-in-crate-names/1459 https://internals.rust-lang.org/t/maybe-pre-rfc-improving---in-cargo-crates-io/5251

    Worst case, can we ensure that no one can publish a crate called tokio_core if there is already a tokio-core as this is a security risk of someone publishing a malicious crate.

    From the latter link above, it sounds like crates.io already prevents case and -/_ collisions.

    Josh Stone at 2017-09-28 21:14:54

  2. Triage: Here is the corresponding cargo issue: https://github.com/rust-lang/cargo/issues/2775 (available from the above links, but I thought it deserved a mention on its own).

    Martin Nordholts at 2023-09-21 17:01:03