nodo
wg
nodo
- Not allowed to use 3rd party code
Oh, certainly. One of the projects I really need to get back to has a hand-rolled argument parser because it's security critical and its needs are so simple and specialized.
- Compiling in chroot? (for security)
(The repo is here if you want to subscribe for notification of updates when I get back to it.)
- NPM malware and what it could imply for Cargo
It's using the placeholder name nodo (like "superuser do", but "you no do") and it's currently at https://github.com/ssokolow/nodo
- Backdooring Rust crates for fun and profit
OK. It's at https://github.com/ssokolow/nodo/issues/1 until I come up with a non-placeholder name.
wg
- Compiling version information into Rust binary
Check cargo-auditable or this thread on the same topic.
- Rustaceans at the Border [Linux Kernel]
For other repro curious readers, this seems like a good entry point to follow reproducibility efforts: https://github.com/rust-secure-code/wg/issues/28
- NPM malware and what it could imply for Cargo
If this topic interests you generally, please check out the Rust Secure Code Working Group.
- How can we make sure this doesn't happen with Crates.io?
The Rust Secure Code Working Group, of which I'm a member, is one. We maintain the RUSTSEC security advisory database at:
What are some alternatives?
cargo-crev - A cryptographically verifiable code review system for the cargo (Rust) package manager.
namespacing-rfc - RFC for Packages as Optional Namespaces
cargo-supply-chain - Gather author, contributor and publisher data on crates in your dependency graph.
kerla - A new operating system kernel with Linux binary compatibility written in Rust.
grapl - Graph platform for Detection and Response
rustsec - RustSec API & Tooling
cap-std - Capability-oriented version of the Rust standard library
ua-parser-js - UAParser.js - Free & open-source JavaScript library to detect user's Browser, Engine, OS, CPU, and Device type/model. Runs either in browser (client-side) or node.js (server-side).
watt - Runtime for executing procedural macros as WebAssembly
n - Node version management
crates.io - The Rust package registry