console VS rustsec

tokio-console is a debugger for Rust async programs that use Tokio. To get started, add the console-subscriber crate to your project and add the following line which will initialise the subscriber and allow tokio-console to connect to it:

You could try https://github.com/tokio-rs/console to debug and profile what happens with tokio tasks in your program.

The tokio-console CLI is a fun one. The console-subscriber supports shipping to a console server running elsewhere, apparently. That gives you a window into what's happening now.

Tokio console maybe? https://github.com/tokio-rs/console

If I add "console_subscriber::init()" line as https://github.com/tokio-rs/console recommends, tracing_subscriber cannot be initialized.

I'm building an HTTP load tester called pdc! I have run out of obvious (to me at least) places to look for performance gains. I'm achieving around 45,000 requests per second, per core. Right now I'm using hyper with a separate tokio runtime (in current thread mode) running on each core. So far having runtime on each core/NUMA node has really helped with cache coherency. Any recommendations for profiling beyond tokio console or tokio metrics (Convenient timing amirite!)?

It was just an accident and has been fixed https://github.com/tokio-rs/console/issues/270.

P.S. Tokio [now also has Tokio Console](https://github.com/tokio-rs/console) allowing you to conveniently troubleshoot your tasks if they are causing issues :)

You can opt-in to async runtime such as tokio, and you can use tokio-rs/console for it's top-like metric

cargo-audit is a simple Cargo tool for detecting vulnerable Rust crates. You can install it with cargo install cargo-audit, use cargo audit and you’re done! Any vulnerable crates will appear below, like so:

Further we use cargo-auditable and cargo-audit as part of both our pipeline and regular scanning of all deployed services. This makes our InfoSec and Legal super happy since it means they can also monitor compliance with licenses and patch/update timings.

Yeah your decade old single header libs get so many audits by comparison.

https://github.com/RustSec/rustsec/tree/main/cargo-audit

https://mozilla.github.io/cargo-vet/

cargo is not npm

PSA: before filing CVEs for other people's projects, file an issue with https://rustsec.org instead

Historically, such serious bugs get communicated broadly and addressed very quickly via security advisory blog posts and on https://rustsec.org.

For known vulnerabilities we have the rustsec vulnerability database. You could have a look over there for inspiration. There's also the related cargo-audit for checking dependencies for known vulnerabilities.

Would be cool if this was also reported to https://rustsec.org/ that way cargo audit could pick up and alert the users about it.

P.S. I also made scanning binaries 5x faster in the latest release of cargo audit.

Thanks to cargo and the community, project maintenance is straightforward in rust. You'll need to install cargo-outdated and cargo-audit:

Use the automated tools to assist you in the maintenance of your projects: rustfmt, clippy, cargo update, cargo outdated and cargo-audit.