

0·
2 months agoUnlike javascript, where at least it is an interpreted language people can audit, you would have to reverse engineer these binaries to figure out what they do.
If you cargo install something you get source code (unless the library packages a binary, but that’s the same as if it were JS or Python or C). Rust dependencies don’t become binary until the final product.
Auditing Rust binaries isn’t much worse than auditing minified and uglified JS. I’ve done both.
I used to hate this. I still hate it, but I used to hate it, too.
More seriously, something that has helped from my managers is getting a “product requirements doc” or PRD. Management and customer reps put together a requirements document that says what they need built. Then you can break it down into work units for yourself and estimate the size with milestones and deliverables. It helps a bunch, even if it’s extra overhead at the start.