Pip and cargo are not the same

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Code Review Code Review Scalable P2P

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • crates.io-index

    Registry index for crates.io

    • > If I'm not mistaken, it needs to download a package to know its dependencies and version constraints.

    It's even worse than that. It needs to execute a python script (setup.py?) per package to get a list of it's dependencies and constraints. As that script may contain arbitrary platform-dependent logic (and in the case of ML-related packages often does), which means that it can be impossible to resolve dependencies for other platforms.

    > Not sure how other package managers avoid that. Maybe the central package repositories can expose the dependencies metadata without needing to download the actual package?

    Yes exactly.

    For dependency resolution, cargo uses only a git based index[0] which is optimized to contain only the information required for dependency resolution (omitting other package metadata such as e.g. authors). So it syncs the git repository and after that it is just lookups in local files of the index.

    Only after dependency resolution does it need to consult an external server for retrieval of the actual package contents.

    [0]: https://github.com/rust-lang/crates.io-index

  • rdfind

    find duplicate files utility

    • I use rdfind to deal with this: https://github.com/pauldreik/rdfind

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • fclones

    Efficient Duplicate File Finder

    • Yes, that would be safer when available (although generally files within library dependencies are not modified I think?). It looks like fclones implements this, is faster and is written in Rust https://github.com/pkolaczk/fclones (the last is the most important point of course /s).

  • cargo-crev

    A cryptographically verifiable code review system for the cargo (Rust) package manager.

    • There is a similar idea being explored with https://github.com/crev-dev/cargo-crev - you trust a reviewer who reviews crates for trustworthiness, as well as other reviewers.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • I don't care about cookies” extension bought by Avast, users jump ship

    2 projects | news.ycombinator.com | 7 Jun 2023

  • I think there should be some type of crates vertification especially the popular ones?

    1 project | /r/rust | 17 Apr 2023

  • Security and Correctness in Wasmtime and Cranelift

    1 project | /r/rust | 13 Sep 2022

  • Carge-crev: A cryptographically verifiable code review system for Rust

    1 project | /r/CKsTechNews | 16 Jul 2022

  • Carge-crev: A cryptographically verifiable code review system for Rust

    1 project | news.ycombinator.com | 16 Jul 2022