CRITICAL
GHSA-g38r-8gmr-ghrf
`mysten-metrics` was removed from crates.io for malicious code
Details
`mysten-metrics` included a build script that attempted to exfiltrate data from the build machine.
The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io.
Are you affected?
Enter the version of the package you're using.
Affected packages
crates.io / mysten-metrics
Introduced in:
0 No fixed version published yet for mysten-metrics. Pin to a known-safe version or switch to an alternative.