When I install some Linux app from, let’s say GitHub, I can feel how long without updates means the project is not maintained.
For example last commit being 5 years ago for GTK app is a long time and this is considered an abandoned repo. For super simple things like cowsay it’s not that simple but still I can feel it.
How is that with crates with Rust? I see a lot of parsers or web libraries that are not updated for a year, two years, three years… How old is too old?
Also, many of them have a version 0.x.x, so can I even consider them stable?
It all depends on how “finished” the project is, and how much it has to track a moving ecosystem.
There’s a lot of crates that you can probably write once and be done with it. Like, a unit converter that’s not been updated since the first version of Rust is probably still just fine to use. A meter and a feet won’t change length anytime soon.
Even a GTK app that’s not been updated in 5 years that might not be a problem at all as long as it compiles. Windows is full of apps that were written 30 years ago and are still shipped basically unchanged. The calculator and notepad were two examples until Windows 10/11.
Another example: an FTP library or client. It’s basically a dead protocol at this point, so even if it’s not been updated in years, it’s likely fine and there’s not much to improve on.
It really depends on what it does and how much the rest of the world around it is changing and how complete the code is already.
This hits the nail on the head.
Some crates, especially things like data structures, are just “finished” at some point.
Then again, if those kinds of crates have deps, the deps should be updated semi regularly.
Its good to use cargo-audit to find indirect security/safety issues.
If it doesn’t work anymore then it’s too old
You can always reach out to the maintainers to see. Some of them might have behind the scenes work going on, others might consider the crate complete if it’s already hit 1.0.0.
I don’t think you’ll find a one size fits all answer here, it depends the crate.
I like to look at Issues and Pull Requests on Github if a crate wasn’t updated for multiple years. If there are already problems like unsoundness, deprecation, or breaking bugs mentioned with no reaction shown by the maintainer, that is a good sign to look elsewhere instead. If everything seems fine and the crate isn’t very complex or security-critical, it is probably not an issue.