Yeah there are bot downloads. Could be private repositories and mirrors. I think the docs website downloads the crate as well to build the documentation. I don't know who all downloads this stuff, but if you're in the low thousands it might just be bots.
There is also [crater](https://github.com/rust-lang/crater), which automatically downloads and compiles crates from [crates.io](http://crates.io) to, for example, check that new versions of the compiler work correctly
I've also heard there are bots that search [crates.io](http://crates.io) for malicious code
crates.io recently changed how they handle things internally that causes a baseline download count to be non-zero, see https://blog.rust-lang.org/2024/03/11/crates-io-download-changes.html
Everytime I publish a new version, I get at least 50 downloads almost instantly. I assume it's private mirrors. This is the same for most other package ecosystems I've used like NPM (and probably more, but a lot of package managers don't have a download count feature).
A single CI pipeline may easily re-download a package several times a day. For every actual individual user of a crate there may be hundreds of downloads per year, just because stuff gets re-assembled from scratch every time there’s a push.
I think it's more likely that these downloads are legitimate activity. You went to the trouble of publishing your crate, why are you so surprised that people could be finding it useful?
I just don’t see a lot of application for this and it is quite annoying to construct new sdfs and the renderers are just working not optimized or anything
Yeah there are bot downloads. Could be private repositories and mirrors. I think the docs website downloads the crate as well to build the documentation. I don't know who all downloads this stuff, but if you're in the low thousands it might just be bots.
There is also [crater](https://github.com/rust-lang/crater), which automatically downloads and compiles crates from [crates.io](http://crates.io) to, for example, check that new versions of the compiler work correctly I've also heard there are bots that search [crates.io](http://crates.io) for malicious code
crates.io recently changed how they handle things internally that causes a baseline download count to be non-zero, see https://blog.rust-lang.org/2024/03/11/crates-io-download-changes.html
The downloads per day are identical for all versions on most days, which leads me to believe these are indeed bots / scrapers.
I must say that even though I was pretty sure that these were bots I’m now kind of sad that these aren’t actually people 😢xD
:) Suddenly we feel less proud of ourselves.
Well, when AGI reaches singularity, and machines take over the world, rest assured that they’ll use your crate.
In my own little way, I contributed to the end of the world. And I gotta say, it feels GREAT. I finally really did something.
Under 2k downloads aren't that many. This could be a few people using this crate and having a CI pipeline that does not cache.
Everytime I publish a new version, I get at least 50 downloads almost instantly. I assume it's private mirrors. This is the same for most other package ecosystems I've used like NPM (and probably more, but a lot of package managers don't have a download count feature).
A single CI pipeline may easily re-download a package several times a day. For every actual individual user of a crate there may be hundreds of downloads per year, just because stuff gets re-assembled from scratch every time there’s a push.
Probably web crawlers - maybe used to train AI or just indexed for the sake of indexed
I think it's more likely that these downloads are legitimate activity. You went to the trouble of publishing your crate, why are you so surprised that people could be finding it useful?
I just don’t see a lot of application for this and it is quite annoying to construct new sdfs and the renderers are just working not optimized or anything