I think the state of crates currently is "good enough". It would be nice to have a more systemic approach to security involving vetted crates, code reviews, etc., but I think the people resources aren't there. Vetting even 1% of the current crates, even one version of those 1% of crates, is an absolutely immense effort. It also stifles innovation a bit, by preventing uptake of new crates which may have a much better API but which may not yet have been reviewed.
3 Likes