A data-driven security audit of nearly 200k crates.io packages using cargo-deny, examining vulnerability rates, unsound code, and how dependency complexity drives risk in the Rust ecosystem.
I don’t think cargo-deny alone is enough. And many from Rust ecosystem thinks that if I specified version “1”, it will be enough forever. Many tools nowadays are installed by binstall, so binary will be older and older and won’t receive any updates.
I don’t think cargo-deny alone is enough. And many from Rust ecosystem thinks that if I specified version “1”, it will be enough forever. Many tools nowadays are installed by binstall, so binary will be older and older and won’t receive any updates.