Specifically, the authors are still deciding the right way to architect the library for the myriad of uses that Rust has.
> or even completely vanish (left-pad)
In 99.99% of the cases, you cannot remove a crate from crates.io; you can only prevent new projects from adding the crate as a dependency. The other 0.01% is because of legal reasons, and there's not much to be done about that.
> For every crate you add, you need to do a licence audit
See my sibling comment about backwards compatibility
> Just how often do you imagine the regex crate actually needs to be updated?
You can see the frequency of updates to the regex crate if you are interested: https://crates.io/crates/regex/versions.
Sometimes a release in a few days, or a few a month.
> Or how about the random number generator crate?
Even more interesting, because `rand` hasn't even reached 1.0 yet! https://crates.io/crates/rand/versions
Specifically, the authors are still deciding the right way to architect the library for the myriad of uses that Rust has.
> or even completely vanish (left-pad)
In 99.99% of the cases, you cannot remove a crate from crates.io; you can only prevent new projects from adding the crate as a dependency. The other 0.01% is because of legal reasons, and there's not much to be done about that.
> For every crate you add, you need to do a licence audit
https://github.com/onur/cargo-license claims to show you the licenses of every dependency. It's required to have a license to publish to crates.io.