Cryptographically verifiable, distributed reviews for Rust crates
cargo-crev on web.crev.dev
Please, use mobile in landscape.
CREV is a recommendation system for establishing trust in open-source code.
Cargo-crev is the review system for Rust crates on crates.io.
Summary of public crev reviews
Summary of ratings
Cargo-crev is a cryptographically verifiable code review system for the cargo (Rust) package manager.
It is open source on GitHub: https://github.com/crev-dev/cargo-crev
It is a CLI program that is installed and runs locally on the developer computer.
Read the Getting Started Guide
It is recommended to always verify the trustworthiness of each of the dependencies in your Rust project.
There can be hundreds of transient dependencies. Do you trust them all?
$ cargo crev verify in your Rust project folder.
Find out what other developers have to say about a crate. And especially a specific version of a crate.
Write your review of a crate you trust and help other developers to trust that crate.
This web page
Rust code reviews is built to enable all developers to view crev reviews fast and effortlessly.
There is no installation, initialization, authentication or learning needed. It is just a simple web page.
The main goal is to simply show the list of reviews for a crate.
Other functionality is secondary and will be gradually upgraded.
Use the links to lib.rs, crates.io and other websites for additional information.
And use the locally installed cargo-crev for your work, verify your dependency and write code reviews.
Include a badge to your crate readme.md to show the count of crev reviews.
The more reviews the crate has, more trusted it should be.
It is also a link to your crate reviews here on Rust code reviews.
Markdown code (Click to Copy):
See example here: https://github.com/bestia-dev/reader_for_microxml/
This webpage shows all reviews from all developers.
But do you personally trust all developers?
New crev reviews can be written by anybody and published publicly on GitHub.
From there they are available to all.
We need a system to trust this persons to trust their reviews.
cargo-crev let you create a list of trusted persons.
But we personally only know a limited number of trusted persons.
To make this circle bigger we need more people to trust.
When we trust somebody for reviews, we usually also trust their choices to trust other people.
So we can transiently trust also them. A little less, but still trust them.
This is an important part of the
web of trust.
It is common in every day life that the friends of our friends are probably also our friends.
This can be configured in your local personal cargo-crev CLI program.
Add this text to your project's readme.md (Click-to-Copy):
Cargo-crev was Crate of the Week on This Week in Rust 27 OCT 2021. Thanks llogiq.
Rust Zürisee, April: cargo crev and cargo audit 1,219 views•May 1, 2020
See https://github.com/crev-dev/cargo-crev/wiki/Howto:-Create-Review-Proofs wiki page for more information
and Frequently Asked Questions, or join https://gitter.im/dpc/crev discussion channel.
The VSCode extension crates from serayuzgur helps choosing the version of dependencies in Cargo.toml. It has also the function "Check reviews" that opens the review page for the dependency crate on web.crev.dev. Thanks serayuzgur!
The taste in colors is very personal and I understand that somebody does not like my choice of colors for this web page.
You can easily change colors of this webpage with Chrome extension User Css:
While you change the css, it automatically refreshes the webpage with new colors. Cool.
And then you can save it per website. Great.
Copy and paste this css variables into the extension and then change their values (Click-to-Copy):
© bestia.dev 2022, MIT License, Version: 2021.1208.1729
Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/