@@ -236,20 +236,37 @@ index, except for crates from `git` or `path` sources.
236236
237237[ Cargo registries] [ cargo-docs-registry ] , like crates.io, are centralised sources
238238for crates. A registry's index is the interface between Cargo and the registry
239- that Cargo queries to know which crates are available, what their dependencies
240- are, etc. crates.io's registry index is a Git repository -
241- [ rust-lang/crates.io-index] - which is updated automatically by crates.io when
242- crates are published, yanked, etc. Cargo can query registries using a Git
243- protocol which caches the registry on disk, or using a sparse protocol which
244- exposes the index over HTTP and allows Cargo to avoid Cargo having a local copy
245- of the whole index, which has become quite large for crates.io.
246-
247- Each crate in the registry has a JSON file, following
248- [ a defined schema] [ cargo-json-schema ] . Crates may refer to those in other
249- registries, but all non-` path ` /` git ` crates in the dependency graph must exist
250- in a registry. As the registry index drives the building of Cargo's dependency
251- graph, all non-` path ` /` git ` crates that end up in the dependency graph must be
252- present a registry.
239+ that Cargo queries to know which versions are available for any given crate,
240+ what its dependencies are, etc.
241+
242+ Cargo can query registries using a Git protocol which caches the registry on
243+ disk, or using a sparse protocol which exposes the index over HTTP and allows
244+ Cargo to avoid Cargo having a local copy of the whole index, which has become
245+ quite large for crates.io.
246+
247+ crates.io's registry index is exposed as both a HTTP API and a Git repository -
248+ [ rust-lang/crates.io-index] - both are updated automatically by crates.io when
249+ crates are published, yanked, etc. The HTTP API is mostly used.
250+
251+ Each crate in the registry index has a JSON file, following
252+ [ a defined schema] [ cargo-json-schema ] which is jointly maintained by the Cargo
253+ and crates.io teams. Crates may refer to those in other registries, but all
254+ non-` path ` /` git ` crates in the dependency graph must exist in a registry. As the
255+ registry index drives the building of Cargo's dependency graph, all
256+ non-` path ` /` git ` crates that end up in the dependency graph must be present a
257+ registry.
258+
259+ When a package is published, Cargo posts a JSON blob to the registry which is
260+ not a index entry but has sufficient information to generate one. crates.io does
261+ not use Cargo's JSON blob, instead re-generating it from the ` Cargo.toml ` (this
262+ avoids the index and ` Cargo.toml ` from going out-of-sync due to bugs or
263+ malicious publishes). As a consequence, changes to the index format must be
264+ duplicated in Cargo and crates.io. Behind the scenes, data from the ` Cargo.toml `
265+ extracted by crates.io is written to a database, which is where the index entry
266+ and frontend are generated from.
267+
268+ Dependency information of crates in the registry are rendered in the crates.io
269+ frontend.
253270
254271Registries can have different policies for what crates are accepted. For
255272example, crates.io does not permit publishing packages named ` std ` or ` core ` but
0 commit comments