wapm-cli
cargo-geiger
wapm-cli | cargo-geiger | |
---|---|---|
11 | 30 | |
361 | 1,311 | |
- | 1.1% | |
4.9 | 5.2 | |
about 1 year ago | 14 days ago | |
Rust | Rust | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wapm-cli
-
Fast Matrix Math in JS 2: WASM
To actually compile this we can use a tool called WABT (WebAssembly Binary Toolkit). It's basically a mess that requires CMake and I couldn't get it to run on WSL and I wasn't going to install MinGW. Instead there's a nice tool called WAPM from Wasmer which works like npm for webassembly packages and since it's been compiled down to webassembly we can run it in any environment. In fact we don't even need to add configuration so long as wapm is installed. We can run wax wat2wasm -- wat/mat.wat -o wasm/mat.wasm. wax is like npx for npm. If you're wondering the command we give wax is defined by the wasmer/wabt package: https://wapm.io/wasmer/wabt. Also for some reason you can't prefix local paths with ./ so wax wat2wasm -- ./wat/mat.wat doesn't work which tool me a while to figure out. Anyway this provides a nice simple compile environment if you want to work on raw WAT files.
- WAPM - WebAssembly Package Manager
-
Dozens of malicious PyPI packages discovered targeting developers
That's the main reason we should start using WebAssembly for distributing and using packages.
Shamless plug: Wasmer [1] and WAPM [2] could help a lot on this quest!
[1]: https://wasmer.io/
[2]: https://wapm.io/
- WordPress WASM
-
A Look at Performance in Wasmtime and Cranelift
There's WAPM
-
Packaging and shipping your software
If it's buildable for the WebAssembly WASI target, consider also distributing it through WAPM.
-
Announcing Cargo WAPM
I don't know if many people have heard of it, but there's actually a WebAssembly Package Manager. It's similar to crates.io, except you upload WebAssembly binaries written in any language instead of Rust source code!
-
There’s a cunning workaround for this challenge; rather than compiling JS to Wasm, you can instead compile a JavaScript engine to WebAssembly then use that to execute your code.
You can see this paying off with wapm, which lets you download applications that would have normally required compilation for your environment and run them anywhere with a supported runtime, which is imo pretty neat.
-
Security advisory: malicious crate rustdecimal | Rust Blog
One step closer to the day when I can put actix-web creations up on WAPM so "Just type wax my-cool-thing to try it out" can be one of the distribution options.
-
WebAssembly in my Browser Desktop Environment
I've added limited support to run wapm.io directly from the Terminal. Examples of commands that work well are wapm cowsay {Text} and wapm uuid.
cargo-geiger
-
Was Rust Worth It?
Instead of looking at the crates themselves, you might want to check your (or others') Rust application with https://github.com/rust-secure-code/cargo-geiger to get a sense of effective prevalence. I also dispute that the presence of unsafe somewhere in the dependency tree is an issue in itself, but that's a different discussion that many more had in other sub-threads.
-
Found a language in development called Vale which claims to be the safest AOT compiled language in the World (Claims to beSafer than Rust)
There's still plenty. Run cargo geiger on any of your projects and see for yourself.
-
Question Omnibus: Dependency Fingerprinting, Unsafe Rust, and Memory Safety
On point 2, the answer is cargo geiger, and judging how much memory safety you need for a given project.
- pliron: An extensible compiler IR framework, inspired by MLIR and written in safe Rust.
-
[Discussion] What crates would you like to see?
You can use cargo-geiger or cargo-crev to check for whether people you trusted (e.g. u/jonhoo ) trust this crate.
-
How do you choose what crate you will use?
The amount of unsafe code is also a factor. cargo geiger is a handy tool for measuring it.
-
Seems legit
We have cargo-geiger that does just that.
-
Rosenpass – formally verified post-quantum WireGuard
For that, I believe you need to use cargo-geiger[0] and audit the results.
[0] - https://github.com/rust-secure-code/cargo-geiger
-
Hey Rustaceans! Got a question? Ask here (6/2023)!
cargo-geiger is a subcommand you can install which will check all the crates in your dependency graph for unsafe blocks and print out a report (which also shows if a crate has #![forbid(unsafe_code)] or not). You can then inspect those crates' sources to judge their use of unsafe for yourself. I don't think it has a "check" mode that simply errors if your dependency graph contains unsafe though, it's more about just collecting that information.
-
[CCS Proposal] Preliminary research on rewriting Monero node in Rust
wrt to memory safety, keep in mind that many rust crates use "unsafe" internally. There are tools available that can find these such as cargo-geiger. So I would suggest to avoid unsafe deps as much as possible. Since they cannot be avoided entirely, it is a good idea to keep a list of unsafe deps.
What are some alternatives?
WASM-ImageMagick - Webassembly compilation of https://github.com/ImageMagick/ImageMagick & samples
bacon - background rust code check
js-dos - The best API for running dos programs in browser
ziglings - Learn the Zig programming language by fixing tiny broken programs.
wasmer-js - Monorepo for Javascript WebAssembly packages by Wasmer
nomicon - The Dark Arts of Advanced and Unsafe Rust Programming
Boxedwine
mold - Mold: A Modern Linker ðŸ¦
wordpress-playground - Run WordPress in the browser via WebAssembly PHP
miri - An interpreter for Rust's mid-level intermediate representation
Graphene - GraphQL framework for Python
orz - a high performance, general purpose data compressor written in the crab-lang