Announcing `cargo supply-chain`: Know whom you trust

This page summarizes the projects mentioned and recommended in the original post on /r/rust.

  • cargo-supply-chain

    Gather author, contributor and publisher data on crates in your dependency graph.

  • paru

    Feature packed AUR helper

  • I noticed that running `cargo supply-chain publishers` on paru results in `78. gentoo90 via crates: winreg`, even though winreg is not a dependency of paru on Linux if I run `cargo tree`. (paru is a Pacman AUR helper, not designed to run on Windows.)

  • crates.io-index

    Registry index for crates.io

  • The crates.io index published as a git repo does not contain this info either.

  • cargo-outdated

    A cargo subcommand for displaying when Rust dependencies are out of date

  • Some combination of cargo-outdated and cargo-msrv could probably do this in a slightly more manual fashion.

  • cargo-msrv

    🦀 Find the minimum supported Rust version (MSRV) for your project

  • Some combination of cargo-outdated and cargo-msrv could probably do this in a slightly more manual fashion.

  • cargo-crev

    A cryptographically verifiable code review system for the cargo (Rust) package manager.

  • Another similar tool, but geared toward cryptographic web-of-trust code review, is cargo-crev.

NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a more popular project.
