logo

Rust crates reviews

Cryptographically verifiable, distributed dependency reviews

reviewer: derekdreery

https://lib.rs/derekdreery

$ cargo crev repo fetch url https://github.com/derekdreery/crev-proofs
$ cargo crev id trust nXrY6RbOf0dNGjJdcXuh9Ef54TCQp5Er_cTkpNTWy7A

repo: https://github.com/derekdreery/crev-proofs

crate version
rating
date
reviewer
thoroughness, understanding
positive
2021-12-14
derekdreery
low, medium

I read through the whole source, looking for malicious or dangerous code, and found none. There
was also no unsafe. I didn't review how well the crate performed its intended function,
although I use the crate and it works for me.

positive
2021-12-14
derekdreery
low, medium

I read through the whole source, looking for malicious or dangerous code, and found none. There
was one use of unsafe, which I checked for correctness w.r.t. memory access and integer
overflow, and found no issues. I didn't review how well the crate performed its intended
function, although I use the crate and it works for me.

positive
2022-06-21
derekdreery
low, medium

I took a look at this crate because it seems to be a low-use crate. I checked the code
(Cargo.toml and lib/src.rs), it looked sensible and there weren't any red flags (no system calls,
build.rs etc).
One comment I would make is that the Cargo.toml could do with an include field so that
the CI config files aren't uploaded with the crate. Minor point though and doesn't affect the
safety of the crate.

© bestia.dev 2023, MIT License, Version: 2023.608.1636

Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/