cargo-crev - Cargo Code REView!
cargo-crev is a tool helping Rust users review crates they use,
and share it with the community. It works as a recomendation system,
helps identify poor quality, protects against many attack
vectors, and aims at driving the quality of Rust ecosystem even higher,
by encouraging continous peer review culture.
All of this neatly integrated with the
How it works
- Identify your dependencies: list in many useful ways.
- Review crates: judge their safety, quality and document problems.
- Publish verifiable reviews in a public git repository.
- People download your reviews, you download reviews of others.
- Build a web of trust veting whole Rust ecosystem.
- Gain reputation and trust. Maybe even monetize it, by reving code for money.
- Implement it in your company and/or team to stay ahead!
- Never again get bitten by unreviewed and untrusted code.
Crev is a language and ecosystem agnostic, social Code REView system.
cargo-crev is an implementation/frontend of Crev integrated with
for Rust/crates.io ecosystem.
See it in action:
Changelog can be found here: https://github.com/dpc/crev/blob/master/cargo-crev/CHANGELOG.md
cargo-crev is a work in progress, but it should be usable at all times.
Join crev gitter channel, get help,
report problems and feedback. Thank you!
cargo-crev has a couple of non-Rust dependencies:
# openssl sudo apt-get install openssl libssl-dev # argonautica build system sudo apt-get install clang llvm-dev libclang-dev
Make sure you have LLVM installed and added to your path.
Installing from crates.io
If you wish to use latest release:
cargo install cargo-crev
Installing from github
We try to release often, but new features are added at fast pace. If you want to try the git version:
cargo install --git https://github.com/dpc/crev/ cargo-crev
First create an empty github repository with name:
cd <your-project> cargo crev new id --github-username <username> # generate your id cargo crev fetch url https://github.com/dpc/crev-proofs # fetch proofs from dpc cargo crev fetch all # fetch proofs from all known ids cargo crev verify # verify your depedencies cargo crev query id all # show all known ids cargo crev query review # show all reviews cargo crev query review <crate> # show all reviews of a crate cargo crev trust <id> # trust someone # for Vim/CLI-heavy users cargo crev goto <crate> # jump/cd to crate to review it # for IDE users cargo crev open <crate> --cmd "code --wait -n" --cmd-save # open crate in VSCode and use VSCode by default in the future cargo crev review # review a crate (after goto) cargo crev review <crate> # review a dependency cargo crev review --independent <crate> <version> # review a crate that is not a dependency cargo crev commit # commit new proofs (reviews, trust) cargo crev push # push proofs to your public github repository cargo crev help # see what other things you can do
Join crev gitter channel to share your ID with us, and find IDs of other Rustaceans!