Suspicious AI-generated article in this week's issue (potential supply-chain attack?)

[p-lindberg]

This week's issue includes an article that seems to be AI-generated:

https://github.com/rust-lang/this-week-in-rust/blob/11651692bf797f26d1524dd550a3ce0a71a4df17/content/2025-07-30-this-week-in-rust.md?plain=1#L48

It reads like a slop fluff piece for the web framework that is the subject of the article, and the methodology and reported metrics in the article do not make a lot of sense. The same account on dev.to is posting tons of these articles every day.

In fact, taking a look at the web framework in question and the Github account that has created it, it all looks very suspiciously AI-generated. This one single account has authored tons of crates in a very short time, all following the same pattern (a few commits every day, no commit message other than a version number, etc). By the looks of it, all of the crates are propping up this web framework, and many of them seem to be reimplementations of commonly available functionalities.

I would be very wary of using this web framework. It may be an attempt to start up a supply-chain attack, considering the very deep tree of dependencies under the control of a single actor who uses dubious methods to market their software.

[liquidhelium]

An original post is found here, posted on 07/22/2025: https://www.cnblogs.com/ltpp/p/18996989. This material is written in Chinese.

After inspection, I found that these Chinese articles are likely ai-generated as well.

More researches revealed that the account, eastspire, even uploaded AI articles on another platform: CSDN, also written in Chinese. Similar articles found on http://www.rskf.cn/news/310492.html and https://juejin.cn/post/7527154276223565864.

[nellshamrell]

Thank you for bringing this to our attention - we will keep an eye out for this (and apologies for the late response!)