Cryptographically verifiable, distributed dependency reviews
reviewer: kornelski
$ cargo crev repo fetch url https://github.com/kornelski/crev-proofs
$ cargo crev id trust rBGRONmiSLmELT1SuRDDScgLcoJl8mTdEbZqz1XCesM
repo: https://github.com/kornelski/crev-proofs
Build script is benign. It depends on a bunch of C code, which I haven't checked (hence neutral rating)
Slow due to use of cargo-metadata, and doesn't work with workspaces for no good reason
Very basic TOML parsing, like sed s/^version/
Very basic TOML parsing, like sed s/^version/
So much complexity for a bit of backwards-compat :(
Nice and simple. macOS uses hardcoded paths rather than Cocoa APIs, but that's fine.
There's a lot of unsafe pointer-juggling here for managing linked lists.
Warning: this is stolen code
These are helper functions. They aren't actually closures, but plain function pointers.
Literally nothing to see here
The build script is benign. It does what it says on the tin. I haven't checked whether definitions match the ABI.
It really is a thin wrapper around System.alloc (too bad it can't wrap other allocators)
This crate uses a bytewise parser even for files in UTF-16 encoding. It can be tricked into parsing plain text as XML elements (e.g. UTF-16BE "䄼A†⼾" is parsed as <A /> and fires an element event).
It calls unsafe add_cached_mapping
It doesn't use robust parsing and doesn't validate inputs. It's probably fine anyway.
Has public functions that take arbitrary raw pointers, but aren't marked as unsafe
It just splits a string
I don't see anything wrong with it, but atomics are notoriously tricky, so please keep in mind that my review is marked with understanding=low
The API of the exponential backoff strategy is surprising, as it uses the same number for the base and the exponent.
TryFrom is now in the standard library, and this library does not fall back to the standard trait.
Uses mem::uninitialized() instead of MaybeUninit or ArrayVec.
Warning: this is stolen code
The build.rs is benign. The lib? Who knows.
Warning: this is stolen code
© bestia.dev 2023, MIT License, Version: 2023.608.1636
Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/