There has been quite a bit of activity lately in cargo-crev.
I picked an example from a Proof Repository that I particularly enjoyed.
Some stats:
[I] 09-03 23:57 dpc@futex ~/l/c/cargo-crev (master)> cargo crev query review | grep digest| sort | uniq | wc -l
345
There have been 345 crates reviewed so far. Many issues were found, and tickets were opened in the respective repositories. Even if you're not planning to review crates yourself, you're missing out on the early warnings if you're not routinely running cargo crev verify on your projects.
But the most important thing is that the crates.io ecosystem gets better with every code review.
In some of my unrelated projects, I already get 20% of dependencies reviewed, without even starting to do my own reviews.