This repository serves a few purpouses:
- To provide a quick overview and human readable versions of all my cargo crev reviews.
- To provide a repository that Dependabot can create issues against, to remind me to update my crev proofs.
- To provide a visual fallback via deps.rs:
| Legend | Description |
|---|---|
 Author |
I wrote this! |
 Positive |
Seems safe/sound/possibly useful |
 Neutral |
This crate is OK, but might have better alternatives |
 Negative |
I have serious concerns, possibly including: too much unsafe, panic!-prone, history of soundness bugs, general brittleness, or lacking critical functionality. Might still be a good basis for cleanup / forking. |
 Dangerous |
Unsound, vulnerable, or likely to be (now or in the future based on poor history) |
 N/A |
Haven't properly reviewed the code yet |
- Android
- Async
- Build Utility
- Command Line Tools
- Data Structure
- Debugging
- FFI
- Game Engine
- Gamedev
- General Utility
- Graphics
- I/O
- Macros
- Serialization
- Unsound
- Web
| Review | Links | Description |
|---|---|---|
| cargo-dinghy |
docs.rs | cargo subcommand for building Android/iOS |
| cargo-ndk |
docs.rs | Kinda trivial .apk building. |
| dinghy-build |
docs.rs | |
| dinghy-lib |
docs.rs | |
| jerk |
docs.rs | Java path discovery and other utilities |
| jerk-build |
docs.rs | Build Java alongside Rust via build.rs/metabuild scripts |
| jerk-test |
docs.rs | Unit test Java built alongside Rust |
| jni |
docs.rs | Unsafe and unsound. Has responded to fixes well though. |
| jni-android-sys |
docs.rs | Bindings to Android Java APIs |
| jni-bindgen |
docs.rs | Java API binding code generator |
| jni-glue |
docs.rs | Safeish wrappers around jni-sys used by jni-bindgen bindings |
| jni-glue-macros |
docs.rs | Proc macros to implement Java APIs from Rust |
| jni-sys |
docs.rs | Rust bindings for JNI interop. |
| Review | Links | Description |
|---|---|---|
| futures |
docs.rs | Asyncronous streams, sinks, executors, tasks, I/O, etc. |
| tokio |
docs.rs | Asyncronous I/O runtime/framework |
| waker-fn |
docs.rs | Basic 0-dependencies Fn-based Waker source. |
| wasm_bindgen_futures |
docs.rs | Convert JS Promises to/from Rust Futures |
| Review | Links | Description |
|---|---|---|
| autocfg |
docs.rs | Runs rustc to test for features / versions. |
| cargo_metadata |
docs.rs | Parse cargo metadata and cargo build --message-format=json. |
| cfg-if |
docs.rs | else if chainable cfg attributes |
| lies |
docs.rs | Embed license text into your program via proc macros + cargo-about. |
| lies-impl |
docs.rs | |
| rustversion |
docs.rs | Attributes to do conditional compilation based on rust version/channel |
| vcpkg |
docs.rs | Build dependency to get C/C++ vcpkgs |
| winres |
docs.rs | Embed resources (icons, versions, ...) into your executables. |
| Review | Links | Description |
|---|---|---|
| cargo |
docs.rs | The rust build tool. |
| cargo-about |
docs.rs | Validate dependency licenses and aggregate into a single .html file |
| cargo-crev |
docs.rs | Share code reviews/audits through a web of trust |
| cargo-edit |
docs.rs | Add/remove/update Cargo.toml dependencies from the CLI. |
| Review | Links | Description |
|---|---|---|
| arrayvec |
docs.rs | Vec clone (Fixed capacity, no heap). Prefer Vec? |
| lazycell |
docs.rs | Similar to RefCell<Option<T>>, but you can keep T borrowed |
| smallvec |
docs.rs | Vec clone (Small Buffer Optimization, Heap Fallback). Prefer Vec. |
| smol_str |
docs.rs | Immutable small string premature optimizations |
| void |
docs.rs | Uninhabited type. |
| Review | Links | Description |
|---|---|---|
| bugsalot |
docs.rs | Breakpoints, debugger detection, fail-stable macros, etc. |
| gimli |
docs.rs | DWARF debug info parsing. |
| natvis-pdbs |
docs.rs | Embed .natvis files into your .pdb s via build.rs/metabuild script. |
| vlq |
docs.rs | Sourcemap VLQ Base64 encode/decode |
| wasm-dwarf |
docs.rs | WASM Dwarf reader / .map generator |
| wasmparser |
docs.rs | .wasm file parser |
| Review | Links | Description |
|---|---|---|
| bindgen |
docs.rs | Generate Rust bindings from C/C++ headers |
| cbindgen |
docs.rs | Generate C/C++ headers for Rust code |
| cloudabi |
docs.rs | Reduced capability-based POSIX subset/alternative. |
| com_impl |
docs.rs | COM interop utilities. |
| foreign-types |
docs.rs | Generate Rust wrappers around C types |
| foreign-types-shared |
docs.rs | foreign-types support crate |
| libc |
docs.rs | POSIX / C APIs megacrate. You use this. |
| redox_syscall |
docs.rs | System calls for the Rust OS, Redox |
| rust-ffi |
docs.rs | Generate C/C++ headers for Rust code |
| winapi |
docs.rs | Win32 / Windows APIs megacrate. You use this. |
| winrt |
docs.rs | C++/CX APIs megacrate. |
| Review | Links | Description |
|---|---|---|
| amethyst |
docs.rs | Heavyweight data driven game engine. Seems popular. |
| ggez |
docs.rs | |
| piston |
docs.rs | |
| quicksilver |
docs.rs | Lightweight engine targeting Desktop & Browser |
| Review | Links | Description |
|---|---|---|
| ase |
docs.rs | Asesprite Format Reader |
| glsl-include |
docs.rs | Handle basic #includes for GLSL. |
| legion |
docs.rs | A low-boilerplate, high performance archetype based ECS. Lots of unsafe, possibly unsound, overflow concerns, etc. |
| nines |
docs.rs | 9-slice scaling math |
| rdrand |
docs.rs | 🎲 Get random numbers 🎲 |
| specs |
docs.rs | High boilerplate ECS. Fancy and parallel though. |
| tiled |
docs.rs | Tiled .tmx file parser. Decent bones, but I'm concerned about path traversal attacks. |
| tiled-json-rs |
docs.rs | Tiled .json export file parser. Decent bones, but I'm concerned about path traversal attacks. |
| Review | Links | Description |
|---|---|---|
| array-macro |
docs.rs | vec![] but for fixed length arrays |
| aseprite |
docs.rs | Parse JSON aseprite exports |
| crates-index |
docs.rs | Parse the crates.io index |
| icon-pie |
docs.rs | Generate .ico / .icns |
| inventory |
docs.rs | Decentralized static registration |
| lazy_static |
docs.rs | Static init at runtime. |
| macro_rules_attribute |
docs.rs | Provides a #[derive(...)]-like attribute without needing your own proc macro crate. |
| matches |
docs.rs | matches!(variable, SomeEnum::SomeCase) == true |
| nonmax |
docs.rs | std::num::NonZero___ equivalents |
| num_cpus |
docs.rs | Queries the OS for the number of CPU cores you have |
| num_enum |
docs.rs | derive traits for enums |
| num_enum_derive |
docs.rs | impl crate for num_enum |
| require_unsafe_in_body |
docs.rs | Reducing the scope of unsafe { ... } in unsafe fns. |
| threadpool |
docs.rs | Simple basic thread pool |
| wchar |
docs.rs | Compile time UTF16 strings for windows wchar_t * interop. |
| Review | Links | Description |
|---|---|---|
| egli |
docs.rs | EGL bindings - provides OpenGL (ES) contexts |
| khronos-egl |
docs.rs | EGL bindings - provides OpenGL (ES) contexts |
| Review | Links | Description |
|---|---|---|
| buffered_offset_reader |
docs.rs | Prefer read_write_at - read_at/write_at with &self |
| codepage-437 |
docs.rs | Codepage 437 conversion functions |
| codespan |
docs.rs | Core structures for codespan-reporting |
| codespan-reporting |
docs.rs | Beautiful cargo-like error reporting |
| dlopen |
docs.rs | Safeish and unsafe APIs for loading .sos, .dlls at runtime. |
| fs2 |
docs.rs | Some extra filesystem utilities |
| libloading |
docs.rs | Unsafe APIs for loading .sos, .dlls at runtime. |
| midir |
docs.rs | Pure rust MIDI device I/O. Good start, but probably unsound. |
| podio |
docs.rs | Utility extension methods for Read / Write |
| read_write_at |
docs.rs | Offset read_at/write_at with &self |
| shellexpand |
docs.rs | Expand unix style env vars within strings. |
| tempfile |
docs.rs | Create/cleanup temporary files and directories. |
| termios |
docs.rs | Terminal I/O Settings |
| vfs |
docs.rs | Filesystem virtualization |
| vfs-clgit |
docs.rs | Filesystem virtualization over git |
| vfs-zip |
docs.rs | Filesystem virtualization over zip archives |
| warmy |
docs.rs | Hot reloading resources. Not browser friendly. |
| Review | Links | Description |
|---|---|---|
| proc-macro-crate |
docs.rs | $crate for proc macros (prefer shim macros per review notes!) |
| Review | Links | Description |
|---|---|---|
| ascii |
docs.rs | ASCII conversion and parsing. |
| ico |
docs.rs | Encoders/decoders for .ico and .cur file formats |
| icon_baker |
docs.rs | Generate .ico / .icns |
| idna |
docs.rs | Encoding/decoding domain names/punycode. |
| itoa |
docs.rs | Fast integer I/O |
| leb128 |
docs.rs | Encode/decode DWARF's variable length integer format, LEB128 |
| serde |
docs.rs | The crate used for serialization throughout the Rust ecosystem |
| serde_json |
docs.rs | serde companion crate for (de)serializing .json files. |
| sourcefile |
docs.rs | Source code file:line <-> offset conversion |
| toml |
docs.rs | serde .toml deserialization |
| toml-spanned-value |
docs.rs | File line/col span for .toml values |
| typetag |
docs.rs | Deserialize Box<dyn Trait> based on inventory registrations. |
| xml-rs |
docs.rs | Encoding and decoding XML. Safe, sound, no deps. |
| zip |
docs.rs | Zipping/unzipping .zip archives. |
| Review | Links | Description |
|---|---|---|
| actix-web |
docs.rs | AVOID. Closes soundness bugs unfixed. Deletes external soundness bugs. |
| byteorder |
docs.rs | Super basic casting/endian/swizzling with a history of unsoundness |
| cargo-apk |
docs.rs | Glue code is full of unsafe and unsound. |
| crossterm |
docs.rs | Cross-platform console stuff. No web support, soundness issues. |
| crossterm_cursor |
docs.rs | Cross-platform console cursor maniulation. Needs soundness fixes. |
| crossterm_input |
docs.rs | Cross-platform console input reading. Needs soundness fixes. |
| crossterm_screen |
docs.rs | |
| crossterm_style |
docs.rs | |
| egl |
docs.rs | AVOID. Unsound as fuck, abandoned. See khronos-egl for a sounder, maintained fork. |
| memalloc |
docs.rs | Super brittle/dangerous at a fundamental level. Avoid. |
| microprofile |
docs.rs | Bindings for a C++ flamegraph profiler |
| Review | Links | Description |
|---|---|---|
| cargo-web |
docs.rs | .wasm packager for use with stdweb |
| instant |
docs.rs | std::time::Instant alternative that doesn't panic on wasm targets. |
| js-sys |
docs.rs | Browser API interop |
| rocket |
docs.rs | Rust library for creating API servers. Nice design. |
| stdweb |
docs.rs | Browser API interop |
| wasm-pack |
docs.rs | .wasm packager for use with web-sys |
| web-sys |
docs.rs | Browser API interop |
# Display versions in VS Code
cargo versions byteorder# Prefer cmd.exe for keepass purpouses
# Generate template and open secondary vscode window with all versions open
cargo review --all byteorder
cargo open byteorder *
# Diff versions
cls && cargo diff byteorder 0.1.1
cls && cargo diff byteorder 0.2.0
...
# Publish review to github:
# Finish authoring [cratename].md
# Add/commit [cratename].md
git push github master
# Crosspost to crev, linking https://github.com/MaulingMonkey/rust-reviews/blob/master/reviews/ [cratename].md
cargo install cargo-crev
cargo crev crate review -u --advisory byteorder --vers 0.2.11
cargo crev crate review -u --advisory byteorder --vers 0.3.8
cargo crev crate review -u --skip-activity-check byteorder --vers 1.3.4
cargo crev repo git diff HEAD~1
cargo crev repo publish# Combined advisory/review/flags/alternatives template
advisories:
- ids: []
severity: medium
range: major
comment: ""
review:
thoroughness: low
understanding: medium
rating: positive
flags:
unmaintained: false
alternatives:
- source: "https://crates.io"
name: ""
comment: |-