Cryptographically verifiable, distributed dependency reviews
reviewer: derekdreery
$ cargo crev repo fetch url https://github.com/derekdreery/crev-proofs
$ cargo crev id trust nXrY6RbOf0dNGjJdcXuh9Ef54TCQp5Er_cTkpNTWy7A
repo: https://github.com/derekdreery/crev-proofs
I read through the whole source, looking for malicious or dangerous code, and found none. There
was one use of unsafe, which I checked for correctness w.r.t. memory access and integer
overflow, and found no issues. I didn't review how well the crate performed its intended
function, although I use the crate and it works for me.
I took a look at this crate because it seems to be a low-use crate. I checked the code
(Cargo.toml and lib/src.rs), it looked sensible and there weren't any red flags (no system calls,
build.rs etc).
One comment I would make is that the Cargo.toml could do with an include field so that
the CI config files aren't uploaded with the crate. Minor point though and doesn't affect the
safety of the crate.
© bestia.dev 2023, MIT License, Version: 2023.608.1636
Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/
I read through the whole source, looking for malicious or dangerous code, and found none. There
was also no unsafe. I didn't review how well the crate performed its intended function, although
I use the crate and it works for me.