I've compared nearly all Rust crates.io crates to contents of their Git repos

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • aports

    [MIRROR] Alpine packages build scripts

    Distro repositories (like the one you have on Debian / Ubuntu / Redhat etc) do this.

    They work on a different model, where only packages that are deemed "worthy" are included, and there's a small-ish set of maintainers that are authorized to make changes and/or accept change requests from the community. In contrast, programming language package managers like cargo, pip or npm let anybody upload new packages with little to no prior verification, and place the responsibility of maintaining them solely on their author.

    The distribution way of doing things is sometimes necessary, as different distributions have different policies on what they allow in their repositories, might want to change compilation options or installation paths, backport bug and security fixes from newer project versions for compatibility, or even introduce small code changes to make the program work better (or work at all) on that system.

    One example of such a repository, for the Alpine Linux distribution, is at https://github.com/alpinelinux/aports

  • up-examples

    Example apps, apis, and sites for Up.

    That’s true, except that the lockfile records revision as a commit sha.


  • go

    The Go programming language

    The problem is that if you clone the Git repository, or view it on GitHub, you have no assurance that you're seeing the same code that the go command or the Go module proxy saw. The author of a malicious module could change the Git tag to point to a different, benign, commit after the Go module proxy caches the malicious copy. There are other tricks an attacker can play as well: https://github.com/golang/go/issues/66653

    Ultimately, if you're doing a code audit, you have to compute the checksum of the code that you're looking at, and compare it against the entry in go.sum or the checksum database to make sure you're auditing the right copy.

  • nixpkgs

    Nix Packages collection & NixOS

    That's what nixpkgs does for Nix/NixOS. The package set is continuously built by a CI system and made publicly available: https://github.com/NixOS/nixpkgs#continuous-integration-and-...
