cargo-deny
watt
Our great sponsors
cargo-deny | watt | |
---|---|---|
15 | 21 | |
1,550 | 1,222 | |
4.0% | - | |
8.8 | 7.3 | |
4 days ago | 12 days ago | |
Rust | Rust | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cargo-deny
-
Please add licenses to your projects, rust DS emulator Dust now dead.
Tip: You can check the licenses of all your dependencies (recursively) using cargo-deny: https://github.com/EmbarkStudios/cargo-deny
- Cargo-deny: a cargo plugin for linting Rust project dependencies
-
What are some useful tools for Rust?
cargo-deny
-
Can versions of a crate be blocked / be made unusable / be made not downloadable?
cargo-deny can help block specified versions of a crate and even has some advisory features that can probably used to block crate with reported vulnerabilities
-
Best way to protect a project from supply chain attacks?
cargo deny for fetching crates only from trusted sources, blacklisting crates, etc.
-
NPM malware and what it could imply for Cargo
Use cargo audit or cargo deny to check the crates in your Cargo.lock to ensure they don't contain any vulnerabilities.
-
This Year in Embedded Rust: 2021 edition
> Explain the crate scanner thing?
I assume a reference to tools that help manage potential issues around dependencies, e.g.:
* https://github.com/rustsec/rustsec/tree/main/cargo-audit
* https://github.com/EmbarkStudios/cargo-deny
"[cargo-audit] Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database."
"cargo-deny is a cargo plugin that lets you lint your project's dependency graph to ensure all your dependencies conform to your expectations and requirements." e.g. license, security advisories, source.
-
Score card for dependencies in a project
cargo-deny does license and security advisory checking, and cargo-geiger does unsafe checking.
-
How can we make sure this doesn't happen with Crates.io?
cargo-deny
-
Blog post: Cross compiling Rust Windows binaries from Linux
OpenSSL has been banned in our project for a variety of reasons via cargo-deny for around a year and half, it was actually one of the reasons we created it in the first place.
watt
-
Rust devs push back as Serde project ships precompiled binaries
The precompiled binary is not a sandboxed WASM binary. Despite the name "watt" it has nothing to do with https://github.com/dtolnay/watt . You can look at the actual code to see for yourself.
- Arbitrary code execution during compilation – rust
-
syn v2.0.0 released
* Related: watt is one approach to pre-compile proc-macro crates using WASM.
-
My first year with Rust: The good, the bad, the ugly
In addition to thiserror and anyhow, our resident superhuman Rust-improving Robot, dtolnay, also developed an experiment in distributing precompiled proc macros as WebAssembly named Watt and, though I never bothered to create a Zulip account so I don't know what was said, I'm told there has been discussion around the idea of implementing something in that vein.
-
Rust is coming to the Linux kernel
I think when we have Cranelift, Mold, and maybe Watt all working together then compile times will basically be a non-issue. It'll be a few years though.
- watt: Runtime for executing (Rust) procedural macros as WebAssembly
-
Security advisory: malicious crate rustdecimal | Rust Blog
Check out https://github.com/dtolnay/watt - it's a really interesting solution to the problem!
-
Backdooring Rust crates for fun and profit
I really like the idea of Watt: https://github.com/dtolnay/watt Run macros in a wasm sandbox so they can't touch anything you don't explicitly allow.
-
NPM malware and what it could imply for Cargo
I really wish there was more interest in getting something like Watt upstreamed.
- Things I hate about Rust, redux
What are some alternatives?
cargo-about - 📜 Cargo plugin to generate list of all licenses for a crate 🦀
godot-wasm-engine
advisory-db - Security advisory database for Rust crates published through crates.io
cargo2nix - Granular builds of Rust projects for Nix
xwin - A utility for downloading and packaging the Microsoft CRT headers and libraries, and Windows SDK headers and libraries needed for compiling and linking programs targeting Windows.
kani - Kani Rust Verifier
crates.io-index - Registry index for crates.io
cap-std - Capability-oriented version of the Rust standard library
static_init
awesome-wasm-runtimes - A list of webassemby runtimes
nextest - A next-generation test runner for Rust.
sccache - Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage.