You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Recent supply-chain discussions had me thinking it could be helpful to see the differences in the published .crate file. There is currently a third-party tool for this but figured having it built directly in would raise awareness and make it easier to use.
A bonus is an idea I posted on the diff.rs issue tracker which is diffing across crates. This would help when looking at potential forks or supply chain attacks to figure out what was actually done (e.g. I just recently found clap_builder_cryo which didn't change the repository links, making it harder to figure out what was going on.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Recent supply-chain discussions had me thinking it could be helpful to see the differences in the published
.cratefile. There is currently a third-party tool for this but figured having it built directly in would raise awareness and make it easier to use.A bonus is an idea I posted on the diff.rs issue tracker which is diffing across crates. This would help when looking at potential forks or supply chain attacks to figure out what was actually done (e.g. I just recently found
clap_builder_cryowhich didn't change the repository links, making it harder to figure out what was going on.Beta Was this translation helpful? Give feedback.
All reactions