#review #identity #peer #dependencies #package-manager #web-of-trust

crev-wot

Scalable, social, Code REView system that we desperately need - Web of Trust library

16 releases

0.26.1 Nov 20, 2024
0.25.9 May 19, 2024
0.25.4 Nov 15, 2023
0.24.1 Jul 2, 2023
0.18.0 Oct 6, 2020

#90 in Development tools

Download history 50/week @ 2024-08-12 57/week @ 2024-08-19 64/week @ 2024-08-26 105/week @ 2024-09-02 71/week @ 2024-09-09 27/week @ 2024-09-16 39/week @ 2024-09-23 63/week @ 2024-09-30 26/week @ 2024-10-07 58/week @ 2024-10-14 92/week @ 2024-10-21 29/week @ 2024-10-28 228/week @ 2024-11-04 85/week @ 2024-11-11 241/week @ 2024-11-18 57/week @ 2024-11-25

615 downloads per month
Used in 4 crates (3 directly)

MPL-2.0 OR MIT OR Apache-2.0

180KB
4.5K SLoC

community discussion Github Actions CI Build Status crates.io

jesus, that's a lot of dependencies
image credit

cargo-crev

A cryptographically verifiable code review system for the cargo (Rust) package manager.

Introduction

Crev is a language and ecosystem agnostic, distributed code review system.

cargo-crev is an implementation of Crev as a command line tool integrated with cargo. This tool helps Rust users evaluate the quality and trustworthiness of their package dependencies.

Features

cargo-crev can already:

  • warn you about untrustworthy crates and security vulnerabilities,
  • display useful metrics about your dependencies,
  • help you identify dependency-bloat,
  • allow you to review most suspicious dependencies and publish your findings,
  • use reviews produced by other users,
  • increase trustworthiness of your own code,
  • build a web of trust of other reputable users to help verify the code you use,

and many other things with many more to come.

Getting started

Static binaries are available from the releases page.

Follow the cargo-crev - Getting Started Guide (more documentation available on docs.rs).

cargo-crev is a work in progress, but it should be usable at all times. Use discussions to get help, more information and report feedback. Thank you!

Raise awareness

If you're supportive of the cause, we would appreciate helping to raise awareness of the project. Consider putting the below note in the README of your Rust projects:

It is recommended to always use [cargo-crev](https://github.com/crev-dev/cargo-crev)
to verify the trustworthiness of each of your dependencies, including this one.

Thank you!

Changelog

Changelog can be found here: https://github.com/crev-dev/cargo-crev/blob/main/cargo-crev/CHANGELOG.md

Dependencies

~6–15MB
~205K SLoC