
There exist unofficial tools for counting the number of unsafe blocks in a project: https://github.com/rust-secure-code/cargo-geiger

However a sufficiently determined evil crate can use soundness holes (like fake-static) or macros (like plutonium) to misbehave without visible unsafe.
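An added example, not from the thread, to make the macro point concrete: a declarative macro (a constructed stand-in for a crate like plutonium, which uses a procedural macro) expands to an unsafe block the caller never writes, so a keyword count over the caller's own source reports zero while the compiled code still dereferences a raw pointer. The `hidden_read!` macro, the two source strings and the `count_unsafe_tokens` counter are all assumptions made for this demonstration; the audit lesson is to count in dependency source or in macro-expanded code, not only in the crate under review.

```rust
// Constructed stand-in for a dependency's macro: the caller writes no `unsafe`,
// but the expansion contains one.
macro_rules! hidden_read {
    ($ptr:expr) => {
        // SAFETY: only sound if `$ptr` is valid; the macro hides this obligation
        // from anyone reading the caller's source.
        unsafe { *$ptr }
    };
}

/// Naive audit: count occurrences of the `unsafe` keyword in a source text.
/// It sees only what is literally written, not what macros expand to.
pub fn count_unsafe_tokens(source: &str) -> usize {
    source
        .split(|c: char| !c.is_alphanumeric() && c != '_')
        .filter(|w| *w == "unsafe")
        .count()
}

/// What the audited crate contains: no visible `unsafe`, yet a raw-pointer read.
pub fn caller_without_visible_unsafe() -> u32 {
    let value: u32 = 42;
    let p: *const u32 = &value;
    hidden_read!(p)
}

/// The audited crate's source as a reviewer would see it (constructed).
pub const CALLER_SOURCE: &str = r#"
pub fn caller_without_visible_unsafe() -> u32 {
    let value: u32 = 42;
    let p: *const u32 = &value;
    hidden_read!(p)
}
"#;

/// The macro's own source, which lives in the dependency (constructed).
pub const MACRO_SOURCE: &str = r#"
macro_rules! hidden_read {
    ($ptr:expr) => { unsafe { *$ptr } };
}
"#;

fn main() {
    // The audited crate reports zero; the unsafe lives in the dependency's macro.
    println!("caller unsafe count: {}", count_unsafe_tokens(CALLER_SOURCE));
    println!("macro unsafe count:  {}", count_unsafe_tokens(MACRO_SOURCE));
    println!("result: {}", caller_without_visible_unsafe());
}
```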




> However a sufficiently determined evil crate

Nothing really can stop a truly determined bad actor completely, but I don’t think that was GP’s point, rather that it’s good to easily know the potential risk you are exposing yourself to with your dependencies in a practical sense.



