What precautions does the crates registry have against malicious supply chain attacks?

This page summarizes the projects mentioned and recommended in the original post on /r/rust

  • cargo-crev

    A cryptographically verifiable code review system for the cargo (Rust) package manager.

  • Cargo crev is a really cool idea to collect code reviews and help you understand your dependencies. https://github.com/crev-dev/cargo-crev

  • ed25519

    Portable C implementation of Ed25519, a high-speed high-security public-key signature system.

  • The culture of micro-dependencies. As an example, compare these two cryptography libraries in Rust and C. The former one depends on quite a few external libraries:

  • crates.io

    The Rust package registry

  • rustsec

    RustSec API & Tooling

  • Sadly, not much. Though every Rust user should know about cargo audit.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
