cargo-supply-chain
cargo-msrv
cargo-supply-chain | cargo-msrv | |
---|---|---|
20 | 11 | |
311 | 751 | |
1.3% | - | |
4.9 | 9.1 | |
about 1 month ago | 7 days ago | |
Rust | Rust | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cargo-supply-chain
-
Release of Structsy 0.5
Great news! Sounds like a good way to add caching to cargo supply-chain. There's a lot of small chunks of data we want to persist.
-
greater supply chain attack risk due to large dependency trees?
Shameless plug: https://github.com/rust-secure-code/cargo-supply-chain shows the supply chain attack surface for your Rust project.
-
Announcement: xflags 3.0.0
bpaf: https://github.com/rust-secure-code/cargo-supply-chain/blob/29bfcb256001cdef46830544b554d33c56602030/src/cli.rs
-
Yet another command line argument parser: bpaf 0.5.2
I'm very happy with it for cargo supply-chain. I appreciate that it has no unsafe code, no sprawling dependency tree, and supports OsStr in addition to just &str.
-
Best way to protect a project from supply chain attacks?
cargo supply-chain to see your attack surface for supply chain attacks
- Cargo-supply-chain: Rust author, contributor and publisher data for dep. crates
-
Comparing Rust supply chain safety tools
See also: cargo supply-chain
-
Yet another command line argument parser: bpaf 0.4.0
I've used bpaf for cargo supply-chain and I'm very happy with it.
-
Fundamental - finding out who you can fund in dependency tree
https://github.com/rust-secure-code/cargo-supply-chain can also help here.
-
Announcing `cargo supply-chain` v0.3: revamped CLI, separate JSON schema
cargo supply-chain list the publishers of all crates in your dependency graph. With it you can:
cargo-msrv
-
Introducing cargo-ft: a cargo extension for specifying supported targets for a crate
What this tool say? https://github.com/foresterre/cargo-msrv
-
What’s everyone working on this week (19/2023)?
I'm working on cargo-marv.
-
What's your crate's Minimum Supported Rust Version?
Before getting overcome by despair, have a look at cargo-msrv -- this little gem of a tool figures it all out for you!
-
What's everyone working on this week (31/2022)?
I'll be adding a 'minimal' output format to cargo-msrv for use in scripts. I'll also be updating the book, and inch closer towards releasing v0.16.
-
Rust for the Kernel Could Possibly Be Merged for Linux 5.20
First commit 2 months ago, started with edition 2021. https://hg.sr.ht/~cyplo/legdur/browse/Cargo.toml?rev=ca11815...
Have you tried compiling something less than bleeding edge, with a year old compiler, or are you picking projects specifically to "showcase" the supposed failings of the Rust compiler?
Many libraries in the ecosystem have a MSRV (minimum support rust version) guarantee, with compile-time shims to enable newer features if a more recent version is detected.
You can pin your dependencies to those versions (and if they don't have an explicit MSRV, just pin it to a version by date or by running https://github.com/foresterre/cargo-msrv on the project to find the effective MSRV).
You can cargo install specific versions of a binary crate, and if they move to the 2021 edition, or use a recently stabilized standard library function or w/e, you can simply choose to install a specific version, that would work with your distro's rustc/cargo.
I'm not even talking about the completely valid, but last resort strategy of many non-bleeding edge distro package maintainers, of simply creating a .patch file and applying it. In legdur's case, --- edition = "2021" +++ edition = "2018" on Cargo.toml would probably do the trick. For libraries/binaries you control, you can use https://doc.rust-lang.org/cargo/reference/overriding-depende... and https://github.com/itmettkeDE/cargo-patch.
Giving up after the first minor roadblock and crying bloody murder is intellectually lazy.
-
[Gitoxide in January]: full multi-index support in object database and complete git-index reading
Looks helpful though it doesn't seem to address when you don't have a Cargo.lock. I've created an issue for this.
-
What’s everyone working on this week (8/2022)?
I'll be switching over the CLI of cargo-msrv, from Clap's builder methods to the attribute macro. I hope this will simplify the configuration, as my Config and ConfigBuilder structs (which were build from Clap's ArgMatches) was growing fast, and becoming slightly unorganized. With the attribute macro, the config will be constructed directly by code generated by the macro. The mostly saves one intermediate step, and a lot of boilerplate.
- cargo-msrv v0.14.0 release
-
Announcing `cargo supply-chain`: Know whom you trust
Some combination of cargo-outdated and cargo-msrv could probably do this in a slightly more manual fashion.
What are some alternatives?
cap-std - Capability-oriented version of the Rust standard library
toml-bombadil - A dotfile manager with templating
paru - Feature packed AUR helper
crates.io-index - Registry index for crates.io
cargo-crev - A cryptographically verifiable code review system for the cargo (Rust) package manager.
cargo-auditable - Make production Rust binaries auditable
rust_lisp - A Rust-embeddable Lisp, with support for interop with native Rust functions
eve-rs - A simple, intuitive, express-like HTTP library
cargo-llvm-cov - Cargo subcommand to easily use LLVM source-based code coverage (-C instrument-coverage).
competitive-programming-rs - Algorithm Snippets for Competitive Programming in Rust