Polyglot for Maven
cargo-geiger
Polyglot for Maven | cargo-geiger | |
---|---|---|
12 | 30 | |
865 | 1,311 | |
0.1% | 1.1% | |
6.7 | 5.2 | |
about 2 months ago | 14 days ago | |
Java | Rust | |
Eclipse Public License 1.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Polyglot for Maven
-
Was Rust Worth It?
And you don't even need to use XML with Polyglot Maven
https://github.com/takari/polyglot-maven
-
Why did Spring Initializr Change the Default to Gradle?
If you prefer the shorter alternative, you might want to use the Polyglot XML extension https://github.com/takari/polyglot-maven/tree/master/polyglot-xml
-
Gradle 8.0
Here you go: https://github.com/takari/polyglot-maven
- Does something like Javas Jhipster exist for Python?
- Maven Polyglot
-
Maven is turning 20 today 🥳 To many more years of stable Java builds 🍻
Fun fact, POM files can be in formats other than XML (although I have no idea if IJ would tolerate such shenanigans): https://github.com/takari/polyglot-maven/blob/polyglot-0.4.8/polyglot-yaml/src/test/resources/snakeyaml/pom.yaml
-
From Maven 3 to Maven 5
There is a certain argument to be made for user ergonomy. Many developers are drawn to Gradle and friends, or to work with polyglot Maven, because they support a more concise syntax. This is not necessarily a contradiction with Maven's Goals!
- Why doesn't everyone use gradle?
-
The Maven Wrapper has now been officially released from the Apache Maven Project
I wished they‘d finally embrace polyglot maven https://github.com/takari/polyglot-maven. pom.yaml rule the world.
-
Gradle 7.0 Released
It seems merely adding a file to the .mvn directory will do as you wish: https://github.com/takari/polyglot-maven#usage
I have avoided that road because it's one more thing that is a snowflake in the very area where I don't want to blazing trails. But I have personally tried their approach before and can confirm it does work as advertised. I can't recall if IJ lost its mind over pulling a stunt like that, but arguably if it did, then filing a YouTrack is an appropriate next step
cargo-geiger
-
Was Rust Worth It?
Instead of looking at the crates themselves, you might want to check your (or others') Rust application with https://github.com/rust-secure-code/cargo-geiger to get a sense of effective prevalence. I also dispute that the presence of unsafe somewhere in the dependency tree is an issue in itself, but that's a different discussion that many more had in other sub-threads.
-
Found a language in development called Vale which claims to be the safest AOT compiled language in the World (Claims to beSafer than Rust)
There's still plenty. Run cargo geiger on any of your projects and see for yourself.
-
Question Omnibus: Dependency Fingerprinting, Unsafe Rust, and Memory Safety
On point 2, the answer is cargo geiger, and judging how much memory safety you need for a given project.
- pliron: An extensible compiler IR framework, inspired by MLIR and written in safe Rust.
-
[Discussion] What crates would you like to see?
You can use cargo-geiger or cargo-crev to check for whether people you trusted (e.g. u/jonhoo ) trust this crate.
-
How do you choose what crate you will use?
The amount of unsafe code is also a factor. cargo geiger is a handy tool for measuring it.
-
Seems legit
We have cargo-geiger that does just that.
-
Rosenpass – formally verified post-quantum WireGuard
For that, I believe you need to use cargo-geiger[0] and audit the results.
[0] - https://github.com/rust-secure-code/cargo-geiger
-
Hey Rustaceans! Got a question? Ask here (6/2023)!
cargo-geiger is a subcommand you can install which will check all the crates in your dependency graph for unsafe blocks and print out a report (which also shows if a crate has #![forbid(unsafe_code)] or not). You can then inspect those crates' sources to judge their use of unsafe for yourself. I don't think it has a "check" mode that simply errors if your dependency graph contains unsafe though, it's more about just collecting that information.
-
[CCS Proposal] Preliminary research on rewriting Monero node in Rust
wrt to memory safety, keep in mind that many rust crates use "unsafe" internally. There are tools available that can find these such as cargo-geiger. So I would suggest to avoid unsafe deps as much as possible. Since they cannot be avoided entirely, it is a good idea to keep a list of unsafe deps.
What are some alternatives?
Joda-Money - Java library to represent monetary amounts.
bacon - background rust code check
Maven Wrapper - The easiest way to integrate Maven into your project!
ziglings - Learn the Zig programming language by fixing tiny broken programs.
Membrane Service Proxy - API gateway for REST, OpenAPI, GraphQL and SOAP written in Java.
nomicon - The Dark Arts of Advanced and Unsafe Rust Programming
J2ObjC - A Java to iOS Objective-C translation tool and runtime.
mold - Mold: A Modern Linker 🦠
Codename One - Cross-platform framework for building truly native mobile apps with Java or Kotlin. Write Once Run Anywhere support for iOS, Android, Desktop & Web.
miri - An interpreter for Rust's mid-level intermediate representation
sitemapgen4j - SitemapGen4j is a library to generate XML sitemaps in Java.
orz - a high performance, general purpose data compressor written in the crab-lang