Our great sponsors
-
openvscode-server
Run upstream VS Code on a remote machine with access through a modern web browser from any device, anywhere.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Want to learn more Rust, Offensive Security and Applied Cryptography? Take a look at my book Black Hat Rust Get 42% off until Friday, November 12 with the coupon 1311B892
Thirdly, using cloud developer environments such as GitHub Codespaces or Gitpod. By working in sandboxed environments for each project, one can significantly reduce the impact of a compromise.
While it's possible to audit the code of a crate on https://docs.rs on clicking on a [src] button, it turns that I couldn't find a way to inspect build.rs files. Thus, combined with a malicious update, it's the almost perfect backdoor.
In Rust, packages are called crates and are (most of the time) hosted on a central repository: https://crates.io for better discoverability.