The Wire · Showcase
CRATES.IO REFACTORS GITHUB AUTH, LIBC FIXES WASM64 PTHREAD CORRUPTION
By RepoJournal · Filed · About Rust
Crates.io collapsed its scattered GitHub authentication patterns into a single enum while libc patches a critical memory corruption bug in wasm64 pthread initialization.
The crates.io team shipped a significant auth refactor [1] that replaces scattered bearer tokens and basic auth patterns with a unified `GitHubAuth` enum, eliminating redundant auth-closure parameters and simplifying the entire client surface. This work continues through two follow-up commits [2] [3] that migrate from `oauth2::AccessToken` to `secrecy::SecretString`, dropping the oauth2 dependency entirely and tightening secret handling across the stack.
Meanwhile, libc addressed a show-stopping bug in wasm64-unknown-emscripten where hardcoded wasm32 pthread type sizes were overrunning stack-allocated structures during thread spawn, causing silent corruption [4] [5]. The fix makes pthread sizes pointer-width-aware, doubling the size of pthread_attr_t and pthread_mutex_t on MEMORY64 targets. The libc team also landed a companion PR [6] adding conditional compiler flag support to ctest so future platform-specific fixes can be tested cleanly.
On the compiler side, rust merged quality-of-life improvements: better error messages for invalid cfg predicates [7], fixes to match expression diagnostic output [8], and a documentation clarification for weak lock sentinels in Arc [9]. The rustdoc team fixed a regression where hidden aliased items were being completely stripped instead of preserved as placeholders [10].
Action items
- → Review crates.io auth refactor if you maintain GitHub-integration code rust-lang/crates.io [plan]
- → If deploying to wasm64-unknown-emscripten, update libc immediately rust-lang/libc [immediate]
- → Monitor next Rust release for improved cfg predicate errors in your CI rust-lang/rust [monitor]
References
- [1] Replace `GitHubClient` auth args with `GitHubAuth` enum ↗ rust-lang/crates.io
- [2] util/gh_token_encryption: Return `SecretString` from `decrypt()` rust-lang/crates.io
- [3] github: Use `SecretString` for `GitHubAuth::Bearer` token rust-lang/crates.io
- [4] emscripten: fix pthread type sizes for wasm64 (MEMORY64) rust-lang/libc
- [5] emscripten: fix pthread type sizes for wasm64 (MEMORY64) ↗ rust-lang/libc
- [6] ctest: probe optional compiler flags ↗ rust-lang/libc
- [7] Rollup merge of #157613 - evavh:invalid-predicate-error, r=JonathanBrouwer rust-lang/rust
- [8] Match expressions had not been updated to also show the match_source, since the time that was added rust-lang/rust
- [9] Auto merge of #157858 - JonathanBrouwer:rollup-TnNKRa4, r=JonathanBrouwer rust-lang/rust
- [10] Rollup merge of #157838 - qaijuang:rustdoc-hidden-aliased-fields, r=GuillaumeGomez,Urgau rust-lang/rust
FAQ
- What changed in Rust on June 14, 2026?
- Crates.io collapsed its scattered GitHub authentication patterns into a single enum while libc patches a critical memory corruption bug in wasm64 pthread initialization.
- What should Rust teams do about it?
- Review crates.io auth refactor if you maintain GitHub-integration code • If deploying to wasm64-unknown-emscripten, update libc immediately • Monitor next Rust release for improved cfg predicate errors in your CI
- Which Rust repositories shipped on June 14, 2026?
- rust-lang/crates.io, rust-lang/libc, rust-lang/rust