cargo-supply-chain
Gather author, contributor and publisher data on crates in your dependency graph.
You're probably thinking of https://github.com/mozilla/cargo-vet or https://github.com/crev-dev/cargo-crev
If we as a community wanted to improve this (which I don't think we do), we can start with increased awareness of dependencies. On crates.io, you can only see the number of dependencies on the third tab of a crate's description. How about we list the number of direct and total dependencies on the metadata sidebar?
Shameless plug: https://github.com/rust-secure-code/cargo-supply-chain shows the supply chain attack surface for your Rust project.
cargo-audit only checks for known issues reported to a vulnerability database.
Also Rust should get a way to embed dependencies versions directly in your binary (basically the content of your Cargo.lock).
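The embedding idea above can be done today without language support: pull the lockfile into the binary at compile time and expose it at runtime, so an operator can ask a deployed binary exactly which crate versions it was built from. The following is an added example, not code from this thread or from the cargo-supply-chain project. It assumes a real project would embed its own lockfile with `include_str!(concat!(env!("CARGO_MANIFEST_DIR"), "/Cargo.lock"))`; here a constructed lockfile literal stands in for it so the block runs on its own, and the `[[package]]` reader is a deliberately minimal line parser that only needs `name` and `version` and so avoids a TOML dependency.

```rust
// Added example (not from the thread or the cargo-supply-chain project).
// In a real project this constant would be:
//   const LOCKFILE: &str = include_str!(concat!(env!("CARGO_MANIFEST_DIR"), "/Cargo.lock"));
// A constructed Cargo.lock is used instead so the block runs stand-alone.
const LOCKFILE: &str = r#"# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 3

[[package]]
name = "my-app"
version = "0.1.0"
dependencies = [
 "serde",
]

[[package]]
name = "serde"
version = "1.0.197"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "serde_derive"
version = "1.0.197"
source = "registry+https://github.com/rust-lang/crates.io-index"
"#;

#[derive(Debug, Clone, PartialEq)]
pub struct LockedPackage {
    pub name: String,
    pub version: String,
}

/// Minimal line-oriented reader for the `[[package]]` entries of a Cargo.lock.
/// Only `name` and `version` are collected; other keys are ignored.
pub fn parse_lockfile(text: &str) -> Vec<LockedPackage> {
    let mut packages = Vec::new();
    let mut in_package = false;
    let mut name: Option<String> = None;
    let mut version: Option<String> = None;

    // Push the entry collected so far once both fields have been seen.
    fn finish(name: &mut Option<String>, version: &mut Option<String>, out: &mut Vec<LockedPackage>) {
        if let (Some(n), Some(v)) = (name.take(), version.take()) {
            out.push(LockedPackage { name: n, version: v });
        }
    }

    for raw in text.lines() {
        let line = raw.trim();
        if line == "[[package]]" {
            finish(&mut name, &mut version, &mut packages);
            in_package = true;
        } else if line.starts_with('[') {
            // Any other table header ends the current package entry.
            finish(&mut name, &mut version, &mut packages);
            in_package = false;
        } else if !in_package {
            // Top-level keys such as the lockfile format marker `version = 3`.
            continue;
        } else if let Some(v) = line.strip_prefix("name = ") {
            name = Some(v.trim_matches('"').to_string());
        } else if let Some(v) = line.strip_prefix("version = ") {
            version = Some(v.trim_matches('"').to_string());
        }
    }
    finish(&mut name, &mut version, &mut packages);
    packages
}

/// The dependency set baked into this binary at build time.
pub fn embedded_dependencies() -> Vec<LockedPackage> {
    parse_lockfile(LOCKFILE)
}

/// Look up the version a named crate was locked at, if it is in the build.
pub fn locked_version<'a>(packages: &'a [LockedPackage], name: &str) -> Option<&'a str> {
    packages.iter().find(|p| p.name == name).map(|p| p.version.as_str())
}

fn main() {
    // A deployed binary could expose this behind a `--deps` flag so that
    // a newly published advisory can be checked against what is running.
    for p in embedded_dependencies() {
        println!("{} {}", p.name, p.version);
    }
}
```

Because the list is derived from the lockfile that produced the build, it reflects the resolved versions rather than the ranges in Cargo.toml, which is what an incident responder needs when matching a binary against an advisory.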