Crates.io package policies

In general, these policies are guidelines. Problems are often contextual, and exceptional circumstances sometimes require exceptional measures. We plan to continue to clarify and expand these rules over time as new circumstances arise. If your problem is not described below, consider sending us an email.

Package Ownership

We have a first-come, first-served policy on crate names. Upon publishing a package, the publisher will be made owner of the package on Crates.io.

If someone wants to take over a package, and the previous owner agrees, the existing maintainer can add them as an owner, and the new maintainer can remove them. If necessary, the team may reach out to inactive maintainers and help mediate the process of ownership transfer.

Removal

Many questions are specialized instances of a more general form: “Under what circumstances can a package be removed from Crates.io?”

The short version is that packages are first-come, first-served, and we won’t attempt to get into policing what exactly makes a legitimate package. We will do what the law requires us to do, and address flagrant violations of the Rust Code of Conduct.

Squatting

We do not have any policies to define 'squatting', and so will not hand over ownership of a package for that reason.

The Law

For issues such as DMCA violations, trademark and copyright infringement, Crates.io will respect Mozilla Legal’s decisions with regards to content that is hosted.

Code of Conduct

The Rust project has a Code of Conduct which governs appropriate conduct for the Rust community. In general, any content on Crates.io that violates the Code of Conduct may be removed. Here, content can refer to but is not limited to:

There are two important, related aspects:

Security

Cargo and crates.io are projects that are governed by the Rust Programming Language Team. Safety is one of the core principles of Rust, and to that end, we would like to ensure that cargo and crates.io have secure implementations. To learn more about disclosing security vulnerabilities, please reference the Rust Security policy for more details.

Thank you for taking the time to responsibly disclose any issues you find.