Crates is now vulnerable to supply chain attacks. I discovered this tool to run on the project and audit before running the rust tools, resolving packages and compiling.
It might be worth adding into the CI checks or build system somehow. Like there is npm audit and pip audit.
I have run cargo-vet on the project and no issue yet.
https://mozilla.github.io/cargo-vet/setup.html
Crates is now vulnerable to supply chain attacks. I discovered this tool to run on the project and audit before running the rust tools, resolving packages and compiling.
It might be worth adding into the CI checks or build system somehow. Like there is npm audit and pip audit.
I have run cargo-vet on the project and no issue yet.
https://mozilla.github.io/cargo-vet/setup.html