Human readable reviews / quick descriptions. For tools, see https://github.com/MaulingMonkey/crev-proofs
This repository serves a few purposes:
Legend | Description |
---|---|
Author | I wrote this! |
Positive | Seems safe/sound/possibly useful |
Neutral | This crate is OK, but might have better alternatives |
Negative | I have serious concerns, possibly including: too much `unsafe`, `panic!`-prone, history of soundness bugs, general brittleness, or lacking critical functionality. Might still be a good basis for cleanup / forking. |
Dangerous | Unsound, vulnerable, or likely to be (now or in the future based on poor history) |
N/A | Haven't properly reviewed the code yet |
Review | Links | Description |
---|---|---|
cargo-dinghy | docs.rs | cargo subcommand for building Android/iOS |
cargo-ndk | docs.rs | Kinda trivial .apk building. |
dinghy-build | docs.rs | |
dinghy-lib | docs.rs | |
jerk | docs.rs | Java path discovery and other utilities |
jerk-build | docs.rs | Build Java alongside Rust via build.rs/metabuild scripts |
jerk-test | docs.rs | Unit test Java built alongside Rust |
jni | docs.rs | Unsafe and unsound. Has responded to fixes well though. |
jni-android-sys | docs.rs | Bindings to Android Java APIs |
jni-bindgen | docs.rs | Java API binding code generator |
jni-glue | docs.rs | Safeish wrappers around jni-sys used by jni-bindgen bindings |
jni-glue-macros | docs.rs | Proc macros to implement Java APIs from Rust |
jni-sys | docs.rs | Rust bindings for JNI interop. |
Review | Links | Description |
---|---|---|
futures | docs.rs | Asynchronous streams, sinks, executors, tasks, I/O, etc. |
tokio | docs.rs | Asynchronous I/O runtime/framework |
waker-fn | docs.rs | Basic 0-dependencies Fn-based Waker source. |
wasm_bindgen_futures | docs.rs | Convert JS `Promise`s to/from Rust `Future`s |
Review | Links | Description |
---|---|---|
autocfg | docs.rs | Runs rustc to test for features / versions. |
cargo_metadata | docs.rs | Parse `cargo metadata` and `cargo build --message-format=json`. |
cfg-if | docs.rs | `else if` chainable `cfg` attributes |
lies | docs.rs | Embed license text into your program via proc macros + cargo-about. |
lies-impl | docs.rs | |
rustversion | docs.rs | Attributes to do conditional compilation based on rust version/channel |
vcpkg | docs.rs | Build dependency to get C/C++ vcpkgs |
winres | docs.rs | Embed resources (icons, versions, ...) into your executables. |
Review | Links | Description |
---|---|---|
cargo | docs.rs | The rust build tool. |
cargo-about | docs.rs | Validate dependency licenses and aggregate into a single .html file |
cargo-crev | docs.rs | Share code reviews/audits through a web of trust |
cargo-edit | docs.rs | Add/remove/update Cargo.toml dependencies from the CLI. |
Review | Links | Description |
---|---|---|
arrayvec | docs.rs | Vec clone (Fixed capacity, no heap). Prefer Vec? |
lazycell | docs.rs | Similar to RefCell<Option<T>>, but you can keep T borrowed |
smallvec | docs.rs | Vec clone (Small Buffer Optimization, Heap Fallback). Prefer Vec. |
smol_str | docs.rs | Immutable small string premature optimizations |
void | docs.rs | Uninhabited type. |
Review | Links | Description |
---|---|---|
bugsalot | docs.rs | Breakpoints, debugger detection, fail-stable macros, etc. |
gimli | docs.rs | DWARF debug info parsing. |
natvis-pdbs | docs.rs | Embed `.natvis` files into your `.pdb`s via build.rs/metabuild script. |
vlq | docs.rs | Sourcemap VLQ Base64 encode/decode |
wasm-dwarf | docs.rs | WASM Dwarf reader / .map generator |
wasmparser | docs.rs | `.wasm` file parser |
Review | Links | Description |
---|---|---|
bindgen | docs.rs | Generate Rust bindings from C/C++ headers |
cbindgen | docs.rs | Generate C/C++ headers for Rust code |
cloudabi | docs.rs | Reduced capability-based POSIX subset/alternative. |
com_impl | docs.rs | COM interop utilities. |
foreign-types | docs.rs | Generate Rust wrappers around C types |
foreign-types-shared | docs.rs | foreign-types support crate |
libc | docs.rs | POSIX / C APIs megacrate. You use this. |
redox_syscall | docs.rs | System calls for the Rust OS, Redox |
rust-ffi | docs.rs | Generate C/C++ headers for Rust code |
winapi | docs.rs | Win32 / Windows APIs megacrate. You use this. |
winrt | docs.rs | C++/CX APIs megacrate. |
Review | Links | Description |
---|---|---|
amethyst | docs.rs | Heavyweight data driven game engine. Seems popular. |
ggez | docs.rs | |
piston | docs.rs | |
quicksilver | docs.rs | Lightweight engine targeting Desktop & Browser |
Review | Links | Description |
---|---|---|
ase | docs.rs | Aseprite Format Reader |
glsl-include | docs.rs | Handle basic `#include`s for GLSL. |
legion | docs.rs | A low-boilerplate, high performance archetype based ECS. Lots of unsafe, possibly unsound, overflow concerns, etc. |
nines | docs.rs | 9-slice scaling math |
rdrand | docs.rs | Get random numbers |
specs | docs.rs | High boilerplate ECS. Fancy and parallel though. |
tiled | docs.rs | Tiled `.tmx` file parser. Decent bones, but I'm concerned about path traversal attacks. |
tiled-json-rs | docs.rs | Tiled `.json` export file parser. Decent bones, but I'm concerned about path traversal attacks. |
Review | Links | Description |
---|---|---|
array-macro | docs.rs | `vec![]` but for fixed length arrays |
aseprite | docs.rs | Parse JSON aseprite exports |
crates-index | docs.rs | Parse the crates.io index |
icon-pie | docs.rs | Generate .ico / .icns |
inventory | docs.rs | Decentralized static registration |
lazy_static | docs.rs | Static init at runtime. |
macro_rules_attribute | docs.rs | Provides a #[derive(...)]-like attribute without needing your own proc macro crate. |
matches | docs.rs | matches!(variable, SomeEnum::SomeCase) == true |
nonmax | docs.rs | std::num::NonZero___ equivalents |
num_cpus | docs.rs | Queries the OS for the number of CPU cores you have |
num_enum | docs.rs | derive traits for enums |
num_enum_derive | docs.rs | impl crate for num_enum |
require_unsafe_in_body | docs.rs | Reducing the scope of `unsafe { ... }` in `unsafe fn`s. |
threadpool | docs.rs | Simple basic thread pool |
wchar | docs.rs | Compile time UTF16 strings for windows `wchar_t*` interop. |
Review | Links | Description |
---|---|---|
egli | docs.rs | EGL bindings - provides OpenGL (ES) contexts |
khronos-egl | docs.rs | EGL bindings - provides OpenGL (ES) contexts |
Review | Links | Description |
---|---|---|
buffered_offset_reader | docs.rs | Prefer read_write_at - read_at/write_at with &self |
codepage-437 | docs.rs | Codepage 437 conversion functions |
codespan | docs.rs | Core structures for codespan-reporting |
codespan-reporting | docs.rs | Beautiful cargo-like error reporting |
dlopen | docs.rs | Safeish and unsafe APIs for loading `.so`s, `.dll`s at runtime. |
fs2 | docs.rs | Some extra filesystem utilities |
libloading | docs.rs | Unsafe APIs for loading `.so`s, `.dll`s at runtime. |
midir | docs.rs | Pure rust MIDI device I/O. Good start, but probably unsound. |
podio | docs.rs | Utility extension methods for `Read` / `Write` |
read_write_at | docs.rs | Offset read_at/write_at with &self |
shellexpand | docs.rs | Expand unix style env vars within strings. |
tempfile | docs.rs | Create/cleanup temporary files and directories. |
termios | docs.rs | Terminal I/O Settings |
vfs | docs.rs | Filesystem virtualization |
vfs-clgit | docs.rs | Filesystem virtualization over git |
vfs-zip | docs.rs | Filesystem virtualization over zip archives |
warmy | docs.rs | Hot reloading resources. Not browser friendly. |
Review | Links | Description |
---|---|---|
proc-macro-crate | docs.rs | $crate for proc macros (prefer shim macros per review notes!) |
Review | Links | Description |
---|---|---|
ascii | docs.rs | ASCII conversion and parsing. |
ico | docs.rs | Encoders/decoders for .ico and .cur file formats |
icon_baker | docs.rs | Generate .ico / .icns |
idna | docs.rs | Encoding/decoding domain names/punycode. |
itoa | docs.rs | Fast integer I/O |
leb128 | docs.rs | Encode/decode DWARF's variable length integer format, LEB128 |
serde | docs.rs | The crate used for serialization throughout the Rust ecosystem |
serde_json | docs.rs | serde companion crate for (de)serializing .json files. |
sourcefile | docs.rs | Source code file:line <-> offset conversion |
toml | docs.rs | serde .toml deserialization |
toml-spanned-value | docs.rs | File line/col span for .toml values |
typetag | docs.rs | Deserialize Box<dyn Trait> based on inventory registrations. |
xml-rs | docs.rs | Encoding and decoding XML. Safe, sound, no deps. |
zip | docs.rs | Zipping/unzipping .zip archives. |
Review | Links | Description |
---|---|---|
actix-web | docs.rs | AVOID. Closes soundness bugs unfixed. Deletes external soundness bugs. |
byteorder | docs.rs | Super basic casting/endian/swizzling with a history of unsoundness |
cargo-apk | docs.rs | Glue code is full of unsafe and unsound. |
crossterm | docs.rs | Cross-platform console stuff. No web support, soundness issues. |
crossterm_cursor | docs.rs | Cross-platform console cursor manipulation. Needs soundness fixes. |
crossterm_input | docs.rs | Cross-platform console input reading. Needs soundness fixes. |
crossterm_screen | docs.rs | |
crossterm_style | docs.rs | |
egl | docs.rs | AVOID. Unsound as fuck, abandoned. See khronos-egl for a sounder, maintained fork. |
memalloc | docs.rs | Super brittle/dangerous at a fundamental level. Avoid. |
microprofile | docs.rs | Bindings for a C++ flamegraph profiler |
Review | Links | Description |
---|---|---|
cargo-web | docs.rs | .wasm packager for use with stdweb |
instant | docs.rs | std::time::Instant alternative that doesn't panic on wasm targets. |
js-sys | docs.rs | Browser API interop |
rocket | docs.rs | Rust library for creating API servers. Nice design. |
stdweb | docs.rs | Browser API interop |
wasm-pack | docs.rs | .wasm packager for use with web-sys |
web-sys | docs.rs | Browser API interop |
```
# Display versions in VS Code
cargo versions byteorder

# Prefer cmd.exe for keepass purposes
# Generate template and open secondary vscode window with all versions open
cargo review --all byteorder
cargo open byteorder *

# Diff versions
cls && cargo diff byteorder 0.1.1
cls && cargo diff byteorder 0.2.0
...

# Publish review to github:
# Finish authoring [cratename].md
# Add/commit [cratename].md
git push github master

# Crosspost to crev, linking https://github.com/MaulingMonkey/rust-reviews/blob/master/reviews/[cratename].md
cargo install cargo-crev
cargo crev crate review -u --advisory byteorder --vers 0.2.11
cargo crev crate review -u --advisory byteorder --vers 0.3.8
cargo crev crate review -u --skip-activity-check byteorder --vers 1.3.4
cargo crev repo git diff HEAD~1
cargo crev repo publish
```
```yaml
# Combined advisory/review/flags/alternatives template
advisories:
  - ids: []
    severity: medium
    range: major
    comment: ""
review:
  thoroughness: low
  understanding: medium
  rating: positive
flags:
  unmaintained: false
alternatives:
  - source: "https://crates.io"
    name: ""
comment: |-
```