Crate mini_vet 

Minimal cargo-vet client

This is a library that downloads and parses Rust crate reviews in the cargo-vet format. It can be used to build custom tools for auditing supply-chain security, reusing reviews from the cargo-vet registry, or indirectly from cargo-crev or Debian or Guix.

Structs

Audit

A record of a review. If violation is not set, it’s an approval, but check the criteria to know what has been approved.

AuditSource

A fetched and parsed list of reviews

AuditSources

A list of audits from fetch_registry_from_url

AuditsFile

A file containing criteria and audits

AuditsUrl

Registry entry for data sources

CrateName

Case-insensitive string

Criterion

safe-to-run and safe-to-deploy are two special ones, meaning “no malware” and “no dangerous bugs”, respectively.

MiniVet

Start here

Registry

A list of URLs to fetch. See the default registry for the sources: https://raw.githubusercontent.com/bholley/cargo-vet/main/registry.toml.

Review

A reference to an Audit.

Trusted

Approval of everything by a user, without checking

VetVersionRef

cargo-vet allows specifying git revisions for versions, but presence of the revision seems to imply that the crate is not available on crates.io

WildcardAudit

Approved without checking

Enums

AuditKind

Audits can either trust source code, or whole crates, or authors

Error

StrOrNum

Unfortunately, cargo-vet sometimes exposes internal IDs of crates.io users

Constants

DEFAULT_REGISTRY_URL