|6 days ago||4 days ago|
|GNU General Public License v3.0 or later||GNU General Public License v3.0 or later|
Announcing Rust 1.61.0
6 projects | reddit.com/r/rust | 19 May 2022
Does anybody know when cargo-add will be distributed in stable cargo? Seems merged already.
Nix & Rust - cargo2nix 0.11.0 released
4 projects | reddit.com/r/rust | 15 May 2022
In this case the library is cargo
Cargo - The Rust package manager
1 project | reddit.com/r/github_trends | 13 May 2022
Supply Chain Thoughts
We might not need to reserve all typos. Soon cargo add will be in the stable release and we are hoping to have crates.io start suggesting it along with or in place of the Cargo.toml snippet. cargo-add could check for typos when you add a dependency. We could even check for registry squatting. If all else fails, we can check for security advisories when adding a crate.
Understanding the bin, sbin, usr/bin, usr/sbin split (2010)
5 projects | news.ycombinator.com | 11 May 2022
There is no specific reason for a program that uses the XDG dirs on other unices to not use them on macOS, other than some idea that it's "alien".
You can have ~/.config/. Nothing in macOS prevents you from having it. And so, some programs do. The worst thing that happens is that, instead of having one directory ~/.foo you now have one directory ~/.config/foo and nothing else in ~/.config. But as soon as you add the second thing that uses ~/.config, you now have two directories in there instead of a second dotdirectory in ~.
It's just that for a bunch of them the XDG path is only used if it exists - e.g. emacs predates the spec, so it uses ~/.emacs.d (and a few others) first.
Cargo doesn't use the XDG paths at all, apparently - https://github.com/rust-lang/cargo/issues/1734. However it also needs a directory for binaries (~/.cargo/bin) and ~/.local/bin isn't actually in the spec at the moment (https://gitlab.freedesktop.org/xdg/xdg-specs/-/issues/14).
my first nontrivial rust program compiled!
1 project | reddit.com/r/transprogrammer | 7 May 2022
Can I suggest using rustup (https://rustup.rs/) to manage the rust tool chain and cargo (installed by rustup, but https://github.com/rust-lang/cargo) to manage builds and packages? It makes it much easier to handle projects especially with dependencies. The book (https://doc.rust-lang.org/stable/book/title-page.html) outlines how to use it and some stuff for advancing with rust
Hey Rustaceans! Got a question? Ask here! (18/2022)!
8 projects | reddit.com/r/rust | 3 May 2022
The package in question was updated to v3.0 three weeks ago, at the same time as heron itself. Even when I explicitly define the dependency pointing at the git repo (which should find the package subdirectory):
Make `cargo doc` exit non-zero if there's warnings
1 project | reddit.com/r/rust | 2 May 2022
I believe this is the relevant tracking issue
Rust code quality and vulnerability scan tool
7 projects | reddit.com/r/rust | 1 May 2022
4 projects | dev.to | 30 Apr 2022
Use Cargo.toml instead of package.json. You’ll want to add them manually (instead of using a command like yarn add)
When will we learn? - Drew DeVault of Rust's (and other package managers') recent supply chain attack
2 projects | reddit.com/r/rust | 13 May 2022
While I don’t agree that system package managers, I really think that having core/community/unreviewed categorization on crates.io would be very useful. Just like architectures have tiers, crates could have tiers. Core crates would be the standard library, and maybe a very few selected packages like regex, serde, … Community crates would contain important crates that have active maintainers.
Supply Chain Thoughts
Sorry, I mean no benefit over the proposal of doing this on the server and outright preventing the publish of a crate with a low edit distance. I also proposed that crates.io maintains an audit log of publishes that includes edit distance, which I think is similar to your suggestion ultimately.
There's no support for scopes (yet). Although introducing scopes may indeed help with a lot of crates.io's issues
criteria for establishing rust popularity?
1 project | reddit.com/r/rust | 11 May 2022
Is there an index or something to compare/measure Rust popularity with other languages? I want to know how popular Rust has become recently and how is its adoption going? Whenever I search on Google I find "stackoverflow developer survey" come up often, but I would like to see more sources. Also, is there any source where I can see the evolution of the number of crates on crates.io and its comparison with other package managers like pypi or npm etc.?
Security advisory: malicious crate rustdecimal | Rust Blog
Can crates.io just calc something like "Levenshtein distance" for a new crate name against existing popular crates, and if it is <=2 reject it with "your name is very similar to ..."?
I do not expect large enterprises to pull random crates from crates.io. If they work properly, they maintain their own private cargo repository, where they add codebases that are maintained by themselves or are mirrored on a crate by crate basis after a thoughtful review.
In fact, the crates.io team can go check this themselves, I think? If it's possible to see "which packages did people request that didn't exist" I suspect they'll find an edit distance of 1 character in >90% of cases. But they don't even have to - there's actually already plenty of research and plenty of attacks that we can look at.
Hey Rustaceans! Got a question? Ask here! (19/2022)!
4 projects | reddit.com/r/rust | 10 May 2022
Does anybody know any interesting details about how crates.io publishing works? And what the best way is to properly vet Rust source code pulled from crates.io?
That being said, it would be nice if crates on crates.io would link to the actual source code that was published. At least _alongside_ a link to the git repo.
Smuggling malicious code into crates.io ?
1 project | reddit.com/r/rust | 10 May 2022
I'm discussing Go vs Rust with my boss. He says Go has a better packaging system than rust, because it's possible to publish different code on crates.io than the repo on github. That way, one can accidentally import malicious code, even if one looks at the source code on github. In Go on the other hand, code is pulled from the repo directly, and a database of go.sum hashes ensures that it's always the exact same code.
What are some alternatives?
RustCMake - An example project showing usage of CMake with Rust
plotters - A rust drawing library for high quality data plotting for both WASM and native, statically and realtimely 🦀 📈🚀
gtk4-rs - Rust bindings of GTK 4
Rocket - A web framework for Rust.
Clippy - A bunch of lints to catch common mistakes and improve your Rust code
cargo-outdated - A cargo subcommand for displaying when Rust dependencies are out of date
opencv-rust - Rust bindings for OpenCV 3 & 4
RustScan - 🤖 The Modern Port Scanner 🤖
rust-analyzer - A Rust compiler front-end for IDEs [Moved to: https://github.com/rust-lang/rust-analyzer]
trunk - Build, bundle & ship your Rust WASM application to the web.
windows-rs - Rust for Windows