Cryptographically verifiable, distributed dependency reviews
Add the last reviewed version to Cargo.toml / [dependencies]:
docker_extract = "0.2.1"Please, use mobile in landscape.
Filter reviews clicking on the numbers in the summary.
Full column names in tooltip hints: rating Negative, rating Neutral, rating Positive, rating Strong, thoroughness, understanding, reviews count.
I am the maintainer of docker_extract. docker_extract is a rather simple crate which
heavily relies on the safety of the tar crate dependency.
It looks to me like the tar crate is very conscious about security.
By design, they do not allow '..' sequences in paths in order to avoid path traversals issues.
I do not consider myself an expert on source code auditing, so I give this review only a medium understanding.