cargo-multivers
cargo-deny

| | cargo-multivers | cargo-deny |
|---|---|---|
| | 1 | 16 |
| Stars | 171 | 1,857 |
| Growth | 1.8% | 2.5% |
| Activity | 7.1 | 8.3 |
| | about 2 months ago | 30 days ago |
| Language | Rust | Rust |
| License | Apache License 2.0 | Apache License 2.0 |

Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cargo-multivers
cargo-deny
-
Build a Database in Four Months with Rust and 647 Open-Source Dependencies
There is `cargo-deny` that handles some enforcement: https://github.com/EmbarkStudios/cargo-deny. Doesn't handle authors, but I suspect it's easy to add?
There is really just a handful of crates that nearly often get pulled in and probably like 5 authors across them.
Supply chain hardening is pretty easy in Rust: cargo-deny, cargo-supply-chain, cargo-crev, cargo-vet, cargo-{s}bom and probably a few more I can't remember.
-
Please add licenses to your projects, rust DS emulator Dust now dead.
Tip: You can check the licenses of all your dependencies (recursively) using cargo-deny: https://github.com/EmbarkStudios/cargo-deny
- Cargo-deny: a cargo plugin for linting Rust project dependencies
-
What are some useful tools for Rust?
cargo-deny
-
Can versions of a crate be blocked / be made unusable / be made not downloadable?
cargo-deny can help block specified versions of a crate and even has some advisory features that can probably be used to block crates with reported vulnerabilities
-
Best way to protect a project from supply chain attacks?
cargo deny for fetching crates only from trusted sources, blacklisting crates, etc.
-
NPM malware and what it could imply for Cargo
Use cargo audit or cargo deny to check the crates in your Cargo.lock to ensure they don't contain any vulnerabilities.
-
This Year in Embedded Rust: 2021 edition
> Explain the crate scanner thing?
I assume a reference to tools that help manage potential issues around dependencies, e.g.:
* https://github.com/rustsec/rustsec/tree/main/cargo-audit
* https://github.com/EmbarkStudios/cargo-deny
"[cargo-audit] Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database."
"cargo-deny is a cargo plugin that lets you lint your project's dependency graph to ensure all your dependencies conform to your expectations and requirements." e.g. license, security advisories, source.
-
Score card for dependencies in a project
cargo-deny does license and security advisory checking, and cargo-geiger does unsafe checking.
-
How can we make sure this doesn't happen with Crates.io?
cargo-deny
What are some alternatives?
cargo-show-asm - cargo subcommand showing the assembly, LLVM-IR and MIR generated for Rust code
cargo-about - 📜 Cargo plugin to generate list of all licenses for a crate 🦀
cargo-release - Cargo subcommand `release`: everything about releasing a rust crate. [Moved to: https://github.com/crate-ci/cargo-release]
watt - Runtime for executing procedural macros as WebAssembly
multiversion - Easy function multiversioning for Rust
static_init
cargo-make - Rust task runner and build tool.
nextest - A next-generation test runner for Rust.
cargo-release - Cargo subcommand `release`: everything about releasing a rust crate.
advisory-db - Security advisory database for Rust crates published through crates.io
xwin - A utility for downloading and packaging the Microsoft CRT & Windows SDK headers and libraries needed for compiling and linking programs targeting Windows.
crates.io-index - Registry index for crates.io
