Pip and cargo are not the same

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • crates.io-index

    Registry index for crates.io

  • > If I'm not mistaken, it needs to download a package to know its dependencies and version constraints.

    It's even worse than that. It needs to execute a Python script (setup.py?) per package to get a list of its dependencies and constraints. That script may contain arbitrary platform-dependent logic (and in the case of ML-related packages often does), which means that it can be impossible to resolve dependencies for other platforms.

    > Not sure how other package managers avoid that. Maybe the central package repositories can expose the dependencies metadata without needing to download the actual package?

    Yes exactly.

    For dependency resolution, cargo uses only a git-based index[0] which is optimized to contain only the information required for dependency resolution (omitting other package metadata such as e.g. authors). So it syncs the git repository and after that it is just lookups in local files of the index.

    Only after dependency resolution does it need to consult an external server for retrieval of the actual package contents.

    [0]: https://github.com/rust-lang/crates.io-index

  • rdfind

    find duplicate files utility

  • I use rdfind to deal with this: https://github.com/pauldreik/rdfind

  • fclones

    Efficient Duplicate File Finder

  • Yes, that would be safer when available (although generally files within library dependencies are not modified I think?). It looks like fclones implements this, is faster and is written in Rust https://github.com/pkolaczk/fclones (the last is the most important point of course /s).

  • cargo-crev

    A cryptographically verifiable code review system for the cargo (Rust) package manager.

  • There is a similar idea being explored with https://github.com/crev-dev/cargo-crev - you trust a reviewer who reviews crates for trustworthiness, as well as other reviewers.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
