Crate mini_vet

Minimal cargo-vet client

This is a library that downloads and parses Rust crate reviews in the cargo-vet format. It can be used to build custom tools for auditing supply-chain security, reusing reviews from the cargo-vet registry, or indirectly from cargo-crev or Debian or Guix.

Structs

• Audit
  A record of a review. If violation is not set, it’s an approval, but check the criteria to know what has been approved.
• AuditSource
  A fetched and parsed list of reviews
• AuditSources
  A list of audits from fetch_registry_from_url
• AuditsFile
  A file containing criteria and audits
• AuditsUrl
  Registry entry for data sources
• CrateName
  Case-insensitive string
• Criterion
  safe-to-run and safe-to-deploy are two special ones, meaning “no malware” and “no dangerous bugs”, respectively.
• MiniVet
  Start here
• Registry
  A list of URLs to fetch. See the default registry for the sources: https://raw.githubusercontent.com/bholley/cargo-vet/main/registry.toml.
• Review
  A reference to an Audit.
• Trusted
  Approval of everything by a user, without checking
• VetVersionRef
  cargo-vet allows specifying git revisions for versions, but presence of the revision seems to imply that the crate is not available on crates.io
• WildcardAudit
  Approved without checking

Enums

• AuditKind
  Audits can either trust source code, or whole crates, or authors
• Error
• StrOrNum
  Unfortunately, cargo-vet sometimes exposes internal IDs of crates.io users

Constants

• DEFAULT_REGISTRY_URL