A new release of a dependency just broke half the Rust ecosystem https://github.com/kentfredric/quote/commit/e73264276e0536a95fb50e60506e7614dce587ed …https://github.com/rust-lang-nursery/failure/issues/342 …
Oh, also have a decent standard library to minimize the number of required dependencies. Having to pull an external crate from an individual just for error handling is no better than the left-pad package in JavaScript.
. A cheaper lesson than if it was a compromised package.