Security advisory: malicious crate rustdecimal | Rust Blog

This page summarizes the projects mentioned and recommended in the original post on /r/rust

  • cargo-crev

    A cryptographically verifiable code review system for the cargo (Rust) package manager.

  • To me, the only solution is something like https://github.com/crev-dev/cargo-crev , though I'd be keen to see it be something "blessed" by the Rust team in a more official way.

  • crates.io

    The Rust package registry

  • In fact, the crates.io team can go check this themselves, I think? If it's possible to see "which packages did people request that didn't exist" I suspect they'll find an edit distance of 1 character in >90% of cases. But they don't even have to - there's actually already plenty of research and plenty of attacks that we can look at.

  • wasmtime

    A fast and secure runtime for WebAssembly

  • Heh, earlier this year my company actually contributed networking support to WASI and implemented it in Wasmtime: https://github.com/bytecodealliance/wasmtime/issues/3730 . I can't say we have anything that's "production-quality" yet, but we are using it successfully.

  • wapm-cli

    Discontinued 📦 WebAssembly Package Manager (CLI)

  • One step closer to the day when I can put actix-web creations up on WAPM so "Just type wax my-cool-thing to try it out" can be one of the distribution options.

  • watt

    Runtime for executing procedural macros as WebAssembly

  • Check out https://github.com/dtolnay/watt - it's a really interesting solution to the problem!

  • WASI

    WebAssembly System Interface

  • The biggest blocker right now is the lack of support in the standard: https://github.com/WebAssembly/WASI/issues/370

  • cargo-geiger

    Detects usage of unsafe Rust in a Rust crate and its dependencies.

  • Or rather, the only thing it guarantees is that in certain parts of the code (the parts you don't trust) you can't use unsafe stuff. Which is exactly what #![forbid(unsafe_code)] does! Or some use of https://github.com/rust-secure-code/cargo-geiger or something.

  • ATS-Postiats

    ATS2: Unleashing the Potentials of Types and Templates

  • For a low level language in which you actually need to prove that your code doesn't cause UB, see http://www.ats-lang.org/

NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a more popular project.
