Cryptographically verifiable, distributed dependency reviews
Add the last reviewed version to Cargo.toml / [dependencies]:
cargo_metadata = "0.9.1"
Parse `cargo metadata` and `cargo build --message-format=json` output.

Diff | Rating | Notes |
---|---|---|
.cargo_vcs_info.json | +1 | |
Cargo.toml | +1 | |
Cargo.toml.orig | +1 | |
src/errors.rs | +1 | Added Error::NoJson |
src/lib.rs | 0 | Various safe but breaking code changes |
src/messages.rs | +1 | |
tests/selftest.rs | +1 | |
tests/test_samples.rs | +1 | |

File | Rating | Notes |
---|---|---|
src/dependency.rs | +1 | |
src/diagnostic.rs | +1 | |
src/errors.rs | +1 | |
src/lib.rs | 0 | MetadataCommand makes me slightly paranoid |
src/messages.rs | +1 | |
tests/selftest.rs | +1 | |
tests/test_samples.rs | +1 | |
.cargo_vcs_info.json | +1 | |
.cargo-ok | +1 | |
.gitignore | +1 | |
.travis.yml | +1 | 1.32.0 MSRV |
Cargo.toml | +1 | |
Cargo.toml.orig | +1 | |
LICENSE-MIT | +1 | |
README.md | +1 | |

Other | Rating | Notes |
---|---|---|
unsafe | +1 | None |
fs | +1 | None |
io | 0 | Can invoke `cargo metadata`. Looks sane, but if passed malicious feature names etc... |
docs | +1 | |
tests | +1 | |

Line | What | Notes |
---|---|---|
495 | exec | shell access, and I'm paranoid about shell param escaping... |
500 | exec | shell access, and I'm paranoid about shell param escaping... |
© bestia.dev 2023, MIT License, Version: 2023.608.1636
Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/
Parse `cargo metadata` and `cargo build --message-format=json` output.
Pros:
Cons: `cargo metadata` could be passed bad feature names (see 0.8.2 review for details)
0.9.1