libs-team
cargo-deny
libs-team | cargo-deny | |
---|---|---|
13 | 15 | |
107 | 1,554 | |
1.9% | 1.7% | |
6.3 | 8.8 | |
3 months ago | 3 days ago | |
Rust | Rust | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
libs-team
-
Error when using cxx to link a Rust-written library in a C++ project
In rust, both release and debug builds use a release version of the runtime. The bugs the debug version is meant to catch are much more difficult to hit in rust (often but not always requiring unsafe). There isn't currently a feature to use the debug runtime in rust-- you can only change C to match for those debug builds.
-
log is going to bump msrv to 1.60
Note that this has been discussed at length (and I do mean "at length") here: https://github.com/rust-lang/libs-team/issues/72
-
Why We Love Rust: Ferris Is Only Part Of It
The Compiler Team, especially the Diagnostics Working Group that improves compiler error messages. The Libs Team, for work on the contents of the standard library documentation
-
Rust in 2023: Growing Up
See https://github.com/rust-lang/libs-team/issues/72#issuecommen... for what I believe is an exhaustive list of possible ways of helping the situation.
-
time: MSRV policy is changing beginning 2023-07-01 to N-2 rustc versions
The point is how the MSRV of a popular crate affects this dynamic for other crates. For an even more extreme example than time, see here for libc, with many heavyweights offering opinions: https://github.com/rust-lang/libs-team/issues/72
-
What are binary crate MSRV policy best practices?
In case you haven't seen it yet, there is a very long discussion surrounding MSRV policy of the libc crate on rust-langs github repo. It's about a library, not a binary, but I think there's a lot of information in the thread, some of which will also apply to binaries.
-
(pre-announcing) clap 4.0, a Rust CLI argument parser
Would you mind sharing your use case for being stuck with a particular version of Rust and why you can't upgrade? In particular with the libs team: https://github.com/rust-lang/libs-team/issues/72
-
Azure CTO: βIt's time to halt starting any new projects in C/C++ β
Compare Stepanov's brilliant design of the STL to Rust's current reworking of their 'binary search api'. https://github.com/rust-lang/libs-team/issues/81
Maybe 'memory safety' isn't the most important thing in this world. To me, writing software that does useful things in the simplest and most correct way is what matters. I get the feeling it's harder to understand my program's correctness with Rust (I mean algorithmic correctness). The C++ standard library has time and space complexity for every algorithm. I'm not seeing that's the case with Rust (correct me if I'm wrong).
-
Is anyone actually stuck on an old version of Rust
There's also the pretty fundamental libc crate that wants to choose an MSRV policy and you can see the full discussion here: https://github.com/rust-lang/libs-team/issues/72
- For rust, I have never see a real world project contains million lines of code, nor more than 1000 components here.
cargo-deny
-
Please add licenses to your projects, rust DS emulator Dust now dead.
Tip: You can check the licenses of all your dependencies (recursively) using cargo-deny: https://github.com/EmbarkStudios/cargo-deny
- Cargo-deny: a cargo plugin for linting Rust project dependencies
-
What are some useful tools for Rust?
cargo-deny
-
Can versions of a crate be blocked / be made unusable / be made not downloadable?
cargo-deny can help block specified versions of a crate and even has some advisory features that can probably used to block crate with reported vulnerabilities
-
Best way to protect a project from supply chain attacks?
cargo deny for fetching crates only from trusted sources, blacklisting crates, etc.
-
NPM malware and what it could imply for Cargo
Use cargo audit or cargo deny to check the crates in your Cargo.lock to ensure they don't contain any vulnerabilities.
-
This Year in Embedded Rust: 2021 edition
> Explain the crate scanner thing?
I assume a reference to tools that help manage potential issues around dependencies, e.g.:
* https://github.com/rustsec/rustsec/tree/main/cargo-audit
* https://github.com/EmbarkStudios/cargo-deny
"[cargo-audit] Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database."
"cargo-deny is a cargo plugin that lets you lint your project's dependency graph to ensure all your dependencies conform to your expectations and requirements." e.g. license, security advisories, source.
-
Score card for dependencies in a project
cargo-deny does license and security advisory checking, and cargo-geiger does unsafe checking.
-
How can we make sure this doesn't happen with Crates.io?
cargo-deny
-
Blog post: Cross compiling Rust Windows binaries from Linux
OpenSSL has been banned in our project for a variety of reasons via cargo-deny for around a year and half, it was actually one of the reasons we created it in the first place.
What are some alternatives?
awesome-rust - A curated list of Rust code and resources.
cargo-about - π Cargo plugin to generate list of all licenses for a crate π¦
meta-rust - OpenEmbedded/Yocto layer for Rust and Cargo
advisory-db - Security advisory database for Rust crates published through crates.io
docs.rs - crates.io documentation generator
xwin - A utility for downloading and packaging the Microsoft CRT headers and libraries, and Windows SDK headers and libraries needed for compiling and linking programs targeting Windows.
namespacing-rfc - RFC for Packages as Optional Namespaces
crates.io-index - Registry index for crates.io
sccache - Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage.
static_init
sled - the champagne of beta embedded databases
nextest - A next-generation test runner for Rust.