logo

Rust code reviews

Cryptographically verifiable, distributed, dependency reviews.

crates, authors, reviews, ratings,...

Jump to crate (press Enter):

c
h
r
S
P
E
N
0
v
i
a
54
927
159
499
106
93
70
75
29
70
legend

The on_mouse_over tooltip hint also shows the full column names.

Try it out

/rust-reviews/crates/

/rust-reviews/authors/

/rust-reviews/people_of_rust/

Examples:

/rust-reviews/author/FYlr8YoYGVvDwHQxqEIs89reKKDy-oWisoO0qXXEfHE/

/rust-reviews/crate/num-traits/

Helper to write a new review:

/rust-reviews/review_new/reader_for_microxml/1.1.11/

Read questions and answers in discussions:

https://www.reddit.com/r/rust/comments/hl54ye/cargo_crev_online/

https://users.rust-lang.org/t/rust-code-reviews-web-site-for-cargo-crev/44480

Crev Vision

Crev is a scalable, social, distributed Code REView and recommendation system that we desperately need for establishing trust in Open Source code.
It is designed to be used with many different languages and ecosystems.
At its core Crev defines a simple, human-readable data format to communicate trust in code (results of code review) and people (reputation).
Fundamental beliefs of Crev design:
- Trust is about people and community, not automatic scans, arbitrary metrics, process or bureaucracy. You can't replace a human judgment with an algorithm. Tools can only help make such a judgment.
- Code quality, risk management and trust requirements are subjective, contextual and personal. Islands of Trust must grow organically.
- Not many people can review all their dependencies, but if every user at least skimmed through a couple of them, and shared that information with others, we would be in a much better situation.
- Trust should be spread redundantly between many people, so one compromised or malicious actor can't abuse the system.
- Crev does not have to be perfect. Instead it should be robust, simple and flexible, so it can evolve to be good enough.

CREV - Rust code reviews - Raise awareness

Add this text to your project's readme.md (Click-to-Copy):

cargo-crev

cargo-crev is a cryptographically verifiable code review system for the cargo (Rust) package manager.

It is open source on GitHub: https://github.com/crev-dev/cargo-crev

It is a CLI program that is installed and runs locally on the developer computer.

Read the Getting Started Guide

It is recommended to always verify the trustworthiness of each of the dependencies in your Rust project.

There can be hundreds of transient dependencies. Do you trust them all?

Simply run $ cargo crev verify in your Rust project folder.

Find out what other developers have to say about a crate. And especially a specific version of a crate.

There can be advisories or issues or better alternatives. Or maybe it is the best crate version so far.

Write your review of a crate you trust and help other developers to trust that crate.

rust-reviews

This web page Rust code reviews is built to enable all developers to view crev reviews fast and effortlessly.
There is no installation, initialization, authentication or learning needed. It is just a simple web page.
It simply shows the list of reviews for a crate.
Give it a try!

badges badge

Include a badge to your crate readme.md to show the count of crev reviews.
The more reviews the crate has, more trusted it should be.
It is also a link to your crate reviews here on Rust code reviews.
Markdown code (Click to Copy):

[![crev reviews](https://web.crev.dev/rust-reviews/badge/crev_count/reader_for_microxml.svg)](https://web.crev.dev/rust-reviews/crate/reader_for_microxml/)

See example here: https://github.com/LucianoBestia/reader_for_microxml/

web of trust

This webpage shows all reviews from all developers.
But do you personally trust all developers?
New crev reviews can be written by anybody and published publicly on GitHub.
From there they are available to all.
We need a system to trust this persons to trust their reviews.
cargo-crev has a list of trusted persons.
But we personally only know a limited number of trusted persons.
To make this circle bigger we need more people to trust.
When we trust somebody for reviews, we usually also trust their choices to trust other people.
So we can transiently trust also them. A little less, but still trust them.
This is an important part of the web of trust.
It is common in every day life that the friends of our friends are probably also our friends.
This can be configured in your local personal cargo-crev CLI program.

other links and references

Rust Zürisee, April: cargo crev and cargo audit 1,219 views•May 1, 2020

See https://github.com/crev-dev/cargo-crev/wiki/Howto:-Create-Review-Proofs wiki page for more information

and Frequently Asked Questions, or join https://gitter.im/dpc/crev discussion channel.

VSCode extension "crates" will open the Rust review page: https://github.com/serayuzgur/crates

colors

You can easily change colors of this webpage with Chrome extension User Css:

https://chrome.google.com/webstore/detail/user-css/okpjlejfhacmgjkmknjhadmkdbcldfcb

While you change the css, it automatically refreshes the webpage with new colors. Cool.

And then you can save it per website. Great.

Copy and paste this css variables and then change their values (Click-to-Copy):

GitHub repository: https://github.com/LucianoBestia/cargo_crev_web/

Version: 2020.706.1331