Cryptographically verifiable, distributed dependency reviews
$ cargo crev repo fetch url https://git.sr.ht/~icefox/crev-proofs
$ cargo crev id trust lr2ldir9XdBsKQkW3YGpRIO2pxhtSucdzf3M5ivfv4A
No unsafe, nothing malicious, life is good.
Small platform-functionality wrapper, nothing exciting.
Reads env vars and executes the program in them, or whatever program happens to be called rustc... but given that this thing's purpose is to probe rustc versions, that's kinda inevitable. Abusable but certainly not malicious; it's made for build scripts and it's fine for this purpose.
Does nothing but shuffle #[cfg] statements; harmless.
Basically pure computation with no unsafe or I/O.
Tiny, safe, well-documented.
Dangerous mutable state shenanigans that should never be necessary.
No obvious way to abuse it.
Pleasantly unsurprising. It's just math.
Turns out the FNV algorithm is clever but trivial to implement, and this crate does nothing besides implement it.
I wrote it, it's not network-facing, has no significant unsafe. So, yeah.
Just generates FFI for a system library.
Apparently it's okay to silently give incorrect results; see https://github.com/thomcc/handy/pull/1
Has some unsafe code in surprising places, for zero-copy casts. P. sure it's valid though.
Just a compatibility shim re-exporting traits.
Mostly just traits; unsafe can probably be removed, see https://github.com/rust-num/num-traits/issues/123
Nothing but a re-export of num-traits 0.2
Very minor version bump compared to previous version.
I wrote this crate. Does absolutely no fancy stuff, no unsafe, no I/O.
I'm the author and this crate is trivial.
Gratuitous unsafe and global mutable state where there doesn't need to be any.
No unsafe, no real I/O, nothing weird in build stuff. Exactly what you'd want from an image codec.
There are still some transmutes that are unnecessary with Rust 1.32 but the code itself is fine.
Fine but uses some unnecessary transmutes, version 0.2.0 fixes this.
Uses a semi-unnecessary unsafe for speed, which I dislike, but is overall harmless.
No unsafe in the library, no I/O, well documented and commented.
The name is scary but it's nothing but shortcuts for unsafe code patterns you'd already use.
It can be told to execute arbitrary programs via env var, but does nothing malicious itself.
Looks okay but I'd prefer to just avoid needing it.
LGTM. The only unsafe is for casting some slices of numbers to bytes, which appears to be done safely.
Not quite sure what it does but it doesn't do anything malicious.
This is purely binary libraries and a build.rs option shim; the thing is whether you trust those binaries.
© bestia.dev 2021, MIT Licence, Version: 2021.1208.1729
Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/