cargo-deny
just
cargo-deny | just | |
---|---|---|
15 | 167 | |
1,554 | 17,403 | |
1.7% | - | |
8.8 | 9.0 | |
5 days ago | 7 days ago | |
Rust | Rust | |
Apache License 2.0 | Creative Commons Zero v1.0 Universal |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cargo-deny
-
Please add licenses to your projects, rust DS emulator Dust now dead.
Tip: You can check the licenses of all your dependencies (recursively) using cargo-deny: https://github.com/EmbarkStudios/cargo-deny
- Cargo-deny: a cargo plugin for linting Rust project dependencies
-
What are some useful tools for Rust?
cargo-deny
-
Can versions of a crate be blocked / be made unusable / be made not downloadable?
cargo-deny can help block specified versions of a crate and even has some advisory features that can probably used to block crate with reported vulnerabilities
-
Best way to protect a project from supply chain attacks?
cargo deny for fetching crates only from trusted sources, blacklisting crates, etc.
-
NPM malware and what it could imply for Cargo
Use cargo audit or cargo deny to check the crates in your Cargo.lock to ensure they don't contain any vulnerabilities.
-
This Year in Embedded Rust: 2021 edition
> Explain the crate scanner thing?
I assume a reference to tools that help manage potential issues around dependencies, e.g.:
* https://github.com/rustsec/rustsec/tree/main/cargo-audit
* https://github.com/EmbarkStudios/cargo-deny
"[cargo-audit] Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database."
"cargo-deny is a cargo plugin that lets you lint your project's dependency graph to ensure all your dependencies conform to your expectations and requirements." e.g. license, security advisories, source.
-
Score card for dependencies in a project
cargo-deny does license and security advisory checking, and cargo-geiger does unsafe checking.
-
How can we make sure this doesn't happen with Crates.io?
cargo-deny
-
Blog post: Cross compiling Rust Windows binaries from Linux
OpenSSL has been banned in our project for a variety of reasons via cargo-deny for around a year and half, it was actually one of the reasons we created it in the first place.
just
-
I stopped worrying and loved Makefiles
I don't like makefiles, but I've been enjoying justfiles: https://github.com/casey/just
- Just a Command Runner
-
Ask HN: Any tool for managing large and variable command lines?
I started using just [0] on my projects and have been very happy so far. It is very similar to make but focused on commands rather than build outputs.
Define your recipes and then you can compose them as needed.
[0] https://github.com/casey/just
-
Ask HN: What software sparks joy when using?
just - https://github.com/casey/just
-
GitHub switched to Docker Compose v2, action needed
Welp there is absolute chaos in that thread -- guess it's not an April Fools joke.
I wonder if relying on CI for anything other than provisioning machines is a mistake -- maybe we should have never moved from doing things from local scripts written in $LANGUAGE.
That said, I'm probably biased since I'm a massive fan of things like `make` and more appropriately for the current age, `just`[0]
[0]: https://github.com/casey/just
-
Which command did you run 1731 days ago?
> When a command has some cognitive requirements I create a script with some ${1:-default} values and I store them all in $PATH enabled local/bin
I would consider using just for this:
https://github.com/casey/just
-
Using Make β writing less Makefile
Your coworker's experience is more principled: Make is a mediocre tool for executing commands. It wasn't ever designed for that. Although it is pretty common to see what you are mentioning in projects because it doesn't require installing a dependency.
For a repo where an easy to install (single binary) dependency is a non-issue, consider using just. [1] You get `just -l` where you can see all the command available, the ability to use different languages, and overall simpler command writing.
[1] https://github.com/casey/just
-
Show HN: Just.sh β compiler that turns Justfiles into portable shell scripts
This is fantastic, but I'd say that this solution is somewhat in response to this open issue from 2019:
https://github.com/casey/just/issues/429
I really wish just was included as a package in distributions.
-
Sharing Saturday #496
So far, I didn't work on new features at all but on stabilizing the ground for further development: 1. CMake lists and modules were rewritten a lot, now managing builds and their configurations is much lesser pain. 2. Brought in Justfile for regular tasks, and it's great, no less. 3. Linters, formatters, analyzers for almost all the code (except for Janet for now, as because of it being a niche and young technology, it didn't get enough attention yet). 4. ECS stub. Now runtime class doesn't look like a god object. 5. Started writing unit tests which didn't happen with my personal projects before and maybe indicates how serious am I about this one :D 6. Some of previously hardcoded data has been moved to INI files. Now, if I release the game in 10 years, and in 10 more years some eccentric person decides to make a variant of it, it will be slightly simpler.
-
Whatβs with DevOps engineers using `make` of all things?
i've grown to like this for my personal projects. https://github.com/casey/just
What are some alternatives?
cargo-about - π Cargo plugin to generate list of all licenses for a crate π¦
Task - A task runner / simpler Make alternative written in Go
advisory-db - Security advisory database for Rust crates published through crates.io
cargo-make - Rust task runner and build tool.
xwin - A utility for downloading and packaging the Microsoft CRT headers and libraries, and Windows SDK headers and libraries needed for compiling and linking programs targeting Windows.
cargo-xtask
crates.io-index - Registry index for crates.io
Taskfile - Repository for the Taskfile template.
static_init
CodeLLDB - A native debugger extension for VSCode based on LLDB
nextest - A next-generation test runner for Rust.
cargo-release - Cargo subcommand `release`: everything about releasing a rust crate.