Rust crates reviews

Cryptographically verifiable, distributed dependency reviews

crate: cargo-edit

https://lib.rs/crates/cargo-edit/

Add the last reviewed version to Cargo.toml / [dependencies]:

cargo-edit = "0.4.0"

Filter reviews by clicking on the numbers in the summary.

Full column names in tooltip hints: rating Negative, rating Neutral, rating Positive, rating Strong, thoroughness, understanding, reviews count.

Neg
Neu
Pos
Str
tho
und
rev
2
1
1
| crate version | rating | date | reviewer | thoroughness, understanding |
|---|---|---|---|---|
| cargo-edit 0.4.0 | neutral | 2019-09-24 | | low, medium |

Add/remove/update Cargo.toml dependencies from the command line.

Pros:

  • Safe, probably works

Cons:

  • Lots of code
  • Lots of dependencies, some of which I haven't fully audited.
  • License ambiguity (is this MIT or Apache-2.0/MIT licensed?)

0.4.0

crev
thoroughness: low
understanding: medium
rating: neutral

| Diff | Rating | Notes |
|---|---|---|
| Cargo.lock | +1 | Added since 0.3.3, enabling frozen installs. Approx 200 indirect deps. |
| Cargo.toml | +1 | Version bumps |
| Cargo.toml.orig | +1 | Version bumps |
| README.md | +1 | Mentions new --sort option |
| appveyor.yml | +1 | Disables gnu targets |
| src/bin/add/args.rs | +1 | New --sort and --offline options |
| src/bin/add/main.rs | +1 | |
| src/bin/upgrade/main.rs | +1 | |
| src/errors.rs | +1 | |
| src/fetch.rs | +1 | |
| src/lib.rs | +1 | |
| src/manifest.rs | +1 | |
| src/registry.rs | +1 | |
| tests/cargo-add.rs | +1 | |
| tests/fixtures/add/Cargo.toml.unsorted | +1 | |

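| crate version | rating | date | reviewer | thoroughness, understanding |
|---|---|---|---|---|
| cargo-edit 0.3.3 | neutral | 2019-09-23 | | low, medium |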

Add/remove/update Cargo.toml dependencies from the command line.

Pros:

  • Safe, probably works

Cons:

  • Lots of code
  • Lots of dependencies, some of which I haven't fully audited.
  • No Cargo.lock so not installable with --frozen
  • License ambiguity (is this MIT or Apache-2.0/MIT licensed?)

0.3.3

crev
thoroughness: low
understanding: medium
rating: neutral

| File | Rating | Notes |
|---|---|---|
| src/bin/add/args.rs | +1 | |
| src/bin/add/main.rs | +1 | |
| src/bin/add/manifest_test.rs | +1 | |
| src/bin/rm/main.rs | +1 | |
| src/bin/upgrade/main.rs | +1 | |
| src/crate_name.rs | -1 | .contains(url) seems wrong |
| src/dependency.rs | -1 | No branch support for dependencies? |
| src/errors.rs | +1 | |
| src/fetch.rs | +1 | |
| src/lib.rs | +1 | |
| src/manifest.rs | 0 | find/search duplicate some of cargo metadata's effort I believe |
| tests/fixtures/add/local/Cargo.toml.sample | +1 | |
| tests/fixtures/add/Cargo.toml.sample | +1 | |
| tests/fixtures/manifest-invalid/Cargo.toml.sample | +1 | |
| tests/fixtures/rm/Cargo.toml.sample | +1 | |
| tests/fixtures/upgrade/Cargo.toml.invalid | +1 | |
| tests/fixtures/upgrade/Cargo.toml.source | +1 | |
| tests/fixtures/upgrade/Cargo.toml.target | +1 | |
| tests/cargo-add.rs | 0 | 191: Duplicate assert!s for no reason? |
| tests/cargo-rm.rs | +1 | Tests are admittedly a bit brittle |
| tests/cargo-upgrade.rs | +1 | |
| tests/test_manifest.rs | +1 | |
| tests/utils.rs | 0 | 17: Pointless clone, beware execute_* passes to exec. |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| .editorconfig | +1 | |
| .gitignore | +1 | |
| .travis.yml | 0 | rustfmt, clippy, travis-cargo, libcurl4-openssl-dev, libelf-dev, libdw-dev, coveralls |
| appveyor.yml | +1 | |
| bors.toml | +1 | |
| Cargo.toml | 0 | Apache-2.0/MIT. That's a lot of deps. |
| Cargo.toml.orig | 0 | ^ |
| Cargo.lock | -1 | N/A, would be nice to be able to --frozen(?) to install fully audited bins |
| CONTRIBUTING.md | +1 | |
| LICENSE | 0 | Just MIT listed here, Cargo.toml references Apache-2.0/MIT. |
| README.md | 0 | "Apache-2.0/MIT" could be clearer in a Readme. |
| rustfmt.toml | 0 | Empty file |

| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | None, warn if introduced |
| miri | N/A | Not bothering with |
| fs | 0 | Manifest related, looks safe? |
| io | 0 | Manifest related |
| docs | +1 | |
| tests | +1 | |

TIL

  • crates.io API string format
  • Refresher on format! placeholders
format!(
    "{host}/api/v1/crates/{crate_name}",
    host = REGISTRY_HOST,
    crate_name = crate_name
);

© bestia.dev 2023, MIT License, Version: 2023.608.1636

Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/