• Category: Outage
  • Status: confirmed
  • Sources: crates.io status
  • Summary: crates.io reported what it described as a coordinated denial-of-service attack against its API servers on 2026-07-11, opened at 14:22 UTC and resolved at 15:42 UTC. It stated crate downloads and dependency resolution through the sparse and git index should not be affected, placing the impact on the API and web surface rather than cargo build fetches. Countermeasures deployed around 15:06 UTC brought servers largely back to normal, and the team credited Fastly's CDN for the response.
  • Why it matters: crates.io is the Rust ecosystem's package registry, so an API-server DoS degrades publishing and metadata access even while index-based dependency resolution keeps working.

Send feedback on this story