# Workspace root. No [package] table appears in this manifest, so it acts as a
# virtual workspace and only groups the member crates listed below.
[workspace]
# A virtual workspace has no edition to derive the resolver from, so it is set
# explicitly.
resolver = "2"
# Members by directory: core, cli, cache, then crates/adapters/* and
# crates/signals/*. A crate missing from this list is not built or linted
# with the workspace.
members = [
"crates/core",
"crates/cli",
"crates/cache",
"crates/adapters/npm",
"crates/adapters/pnpm",
"crates/adapters/yarn",
"crates/adapters/pypi",
"crates/signals/npm-registry",
"crates/signals/osv",
"crates/signals/depsdev",
"crates/signals/scorecard",
"crates/signals/pypi-registry",
"crates/signals/pypi-sdist",
]
# Shared package metadata. A member crate only picks up a field it inherits
# explicitly (`<field>.workspace = true` in its own [package] table).
[workspace.package]
version = "0.3.4"
edition = "2021"
# Minimum supported Rust version; Cargo refuses to build with an older toolchain.
rust-version = "1.86"
license = "Apache-2.0"
repository = "https://github.com/jt-systems/installguard"
homepage = "https://installguard.dev"
authors = ["InstallGuard contributors"]
description = "Policy gate for npm/pnpm/yarn/PyPI installs: blocks risky dependencies (advisories, low scorecard, brand-new releases, suspicious lifecycle scripts) from CI and dev machines."
# crates.io accepts at most five keywords; this list is at the limit.
keywords = ["security", "supply-chain", "npm", "ci", "policy"]
categories = ["command-line-utilities", "development-tools"]
readme = "README.md"
# Single source of truth for dependency versions; members reference entries
# with `<name>.workspace = true`.
# Every version below is a caret requirement (a range), not a pin. The exact
# versions come from Cargo.lock, so reproducible builds depend on committing
# it and building with `--locked`.
[workspace.dependencies]
# Internal
# `path` is used inside the workspace; `version` is what a published crate
# records. "0.3.0" means >=0.3.0, <0.4.0, so it accepts the 0.3.4 workspace version.
installguard-core = { path = "crates/core", version = "0.3.0" }
installguard-adapter-npm = { path = "crates/adapters/npm", version = "0.3.0" }
installguard-adapter-pnpm = { path = "crates/adapters/pnpm", version = "0.3.0" }
installguard-adapter-yarn = { path = "crates/adapters/yarn", version = "0.3.0" }
installguard-adapter-pypi = { path = "crates/adapters/pypi", version = "0.3.0" }
installguard-signal-npm-registry = { path = "crates/signals/npm-registry", version = "0.3.0" }
installguard-signal-osv = { path = "crates/signals/osv", version = "0.3.0" }
installguard-signal-depsdev = { path = "crates/signals/depsdev", version = "0.3.0" }
installguard-signal-scorecard = { path = "crates/signals/scorecard", version = "0.3.0" }
installguard-signal-pypi-registry = { path = "crates/signals/pypi-registry", version = "0.3.0" }
installguard-signal-pypi-sdist = { path = "crates/signals/pypi-sdist", version = "0.3.0" }
installguard-cache = { path = "crates/cache", version = "0.3.0" }
# External
anyhow = "1.0"
thiserror = "1.0"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
# NOTE(review): upstream serde_yaml has been marked deprecated and is no longer
# maintained. Confirm, and plan a migration if it parses untrusted lockfiles
# or policy files.
serde_yaml = "0.9"
# Default features are off; only `parse` is enabled.
toml = { version = "1.1", default-features = false, features = ["parse"] }
clap = { version = "4.5", features = ["derive", "env"] }
tokio = { version = "1.38", features = ["macros", "rt-multi-thread", "sync"] }
# Default features are off, which drops reqwest's default native-tls backend;
# TLS is provided by rustls instead. Keep `rustls-tls` enabled: without a TLS
# feature the client cannot make HTTPS requests.
reqwest = { version = "0.12", default-features = false, features = ["rustls-tls", "json", "gzip"] }
# Default features are off; only std, clock and serde are enabled.
chrono = { version = "0.4", default-features = false, features = ["std", "clock", "serde"] }
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
futures = "0.3"
async-trait = "0.1"
schemars = { version = "0.8", features = ["chrono"] }
sha2 = "0.10"
hex = "0.4"
base64 = "0.22"
# Ed25519 signatures. `pkcs8` and `pem` add key encoding support; `rand_core`
# enables key generation from a caller-supplied RNG.
ed25519-dalek = { version = "2.1", default-features = false, features = ["std", "pkcs8", "rand_core", "pem"] }
# Keep on 0.8 while ed25519-dalek is 2.x: both build on rand_core 0.6, and a
# rand major bump alone would break the RNG trait match.
rand = "0.8"
semver = { version = "1.0", features = ["serde"] }
regex = "1"
# rustc lints. They apply only to members that set `workspace = true` under
# their own [lints] table, and never to third-party dependencies.
[workspace.lints.rust]
# `forbid` (unlike `deny`) cannot be relaxed by an `#[allow(unsafe_code)]` in
# the source. This covers first-party code only; unsafe in dependencies still
# needs separate review.
unsafe_code = "forbid"
missing_debug_implementations = "warn"
# Clippy lints, inherited by members the same way as the rustc lints.
[workspace.lints.clippy]
# The groups carry priority -1 so they are applied first; the individual
# `allow` entries below (default priority 0) then override them.
all = { level = "warn", priority = -1 }
pedantic = { level = "warn", priority = -1 }
# Pedantic lints switched off for the whole workspace.
module_name_repetitions = "allow"
missing_errors_doc = "allow"
missing_panics_doc = "allow"
doc_markdown = "allow"
must_use_candidate = "allow"
return_self_not_must_use = "allow"
# Release profile for the shipped binaries.
[profile.release]
lto = "thin"
# A single codegen unit trades compile time for better optimisation.
codegen-units = 1
# Symbols are stripped from the binary, so backtraces from release builds
# carry no function names.
strip = "symbols"
# A panic aborts the process instead of unwinding, so destructors do not run.
# NOTE(review): confirm that CI callers treat an abort as a failed gate (fail
# closed) and that nothing relies on Drop for cleanup.
panic = "abort"