Crev is a system for verifying the security and reliability of dependencies based on collaborative code reviews. Crev users review the source code of packages/libraries/crates and share their findings with others. Crev then uses a Web of Trust to select trusted reviews and judge the reputation of a project's dependencies.
Crev is language-independent, but the primary implementation is cargo crev for Rust/Cargo crates.
# setup
cargo install cargo-crev
cargo crev trust --level high https://github.com/dpc/crev-proofs
cargo crev repo fetch all
# verify
cargo crev verify --show-all
# review
cargo crev open $crate_name
cargo crev review $crate_name
# share reviews
# Fork this: https://github.com/crev-dev/crev-proofs/fork
cargo crev id set-url https://github.com/$your_github_username/crev-proofs
cargo crev publish
# get more reviews
cargo crev id query all
cargo crev trust # insert other people's URLs or Ids here
# review just the parts that changed since $previous_version
cargo crev crate diff $crate_name | less
cargo crev review --diff $previous_version -- $crate_name
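The Web of Trust step behind `cargo crev verify` (trusted ids are found transitively from your own trust proofs, then only their reviews count for each exact crate version) is easier to reason about with a small model. The following is an added example written for this page in Python, not cargo-crev's own code or proof format: the ids, trust proofs, review proofs and the pass/warn/none thresholds are all constructed for illustration, and cargo-crev's real algorithm and defaults differ in detail.

```python
"""Simplified Web-of-Trust evaluation in the spirit of crev (added example,
not cargo-crev's own code). Trust proofs say who trusts whom and how much;
review proofs say who rated which crate version. Everything below is
constructed for illustration; the real crev proof format and algorithm differ.
"""
from collections import deque

# Trust levels, ordered weakest to strongest; "distrust" is handled separately.
TRUST_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3}
# Review ratings, ordered; anything below 0 is a red flag.
RATING_RANK = {"dangerous": -2, "negative": -1, "neutral": 0, "positive": 1, "strong": 2}

# Constructed trust proofs: (truster, trusted, level). Ids are hypothetical.
TRUST_PROOFS = [
    ("me", "alice", "high"),
    ("me", "bob", "medium"),
    ("alice", "carol", "high"),
    ("bob", "dave", "high"),           # capped at bob's own level: medium
    ("alice", "mallory", "distrust"),  # a trusted id distrusts mallory
    ("bob", "mallory", "low"),         # conflicting proof; distrust wins
    ("mallory", "eve", "high"),        # only reachable through mallory
]

# Constructed review proofs: (reviewer, crate, version, rating).
REVIEW_PROOFS = [
    ("carol", "serde", "1.0.0", "positive"),
    ("dave", "badcrate", "0.1.0", "negative"),
    ("mallory", "badcrate", "0.1.0", "strong"),
    ("eve", "leftpad", "2.0.0", "positive"),
]


def effective_trust(trust_proofs, root_id):
    """Return {id: level} for every id the root effectively trusts.

    Trust is transitive but decays to the weakest link on the path, the best
    path wins, and any id that an already-trusted id distrusts is dropped
    together with everything reachable only through it (fixed-point loop).
    """
    outgoing = {}
    for src, dst, lvl in trust_proofs:
        outgoing.setdefault(src, []).append((dst, lvl))
    distrusted = set()
    while True:
        best = {root_id: "high"}  # you trust yourself fully
        queue = deque([root_id])
        while queue:
            cur = queue.popleft()
            for dst, lvl in outgoing.get(cur, []):
                if dst in distrusted or lvl == "distrust":
                    continue
                # weakest link: cannot trust dst more than we trust cur
                eff = lvl if TRUST_RANK[lvl] < TRUST_RANK[best[cur]] else best[cur]
                if TRUST_RANK[eff] == 0:
                    continue
                if dst not in best or TRUST_RANK[eff] > TRUST_RANK[best[dst]]:
                    best[dst] = eff
                    queue.append(dst)
        newly = {dst for src, dst, lvl in trust_proofs
                 if lvl == "distrust" and src in best and dst != root_id}
        if newly <= distrusted:
            return best
        distrusted |= newly


def verdict(review_proofs, trust, crate, version, required="low"):
    """Judge one exact crate version from reviews by sufficiently trusted ids.

    'warn' if any counted review is negative or dangerous, 'pass' if at least
    one is positive or strong and none is negative, 'none' otherwise
    (no usable review, or neutral reviews only).
    """
    ratings = [RATING_RANK[r] for rid, c, v, r in review_proofs
               if c == crate and v == version and rid in trust
               and TRUST_RANK[trust[rid]] >= TRUST_RANK[required]]
    if not ratings:
        return "none"
    if min(ratings) < 0:
        return "warn"
    if max(ratings) > 0:
        return "pass"
    return "none"


def verify_deps(deps, trust_proofs=TRUST_PROOFS, review_proofs=REVIEW_PROOFS, root_id="me"):
    """Like `cargo crev verify` over a dependency list: {(crate, version): verdict}."""
    trust = effective_trust(trust_proofs, root_id)
    return {(c, v): verdict(review_proofs, trust, c, v) for c, v in deps}


if __name__ == "__main__":
    deps = [("serde", "1.0.0"), ("badcrate", "0.1.0"), ("leftpad", "2.0.0")]
    for (crate, ver), status in verify_deps(deps).items():
        print(f"{status:<5} {crate} {ver}")
```

Two things the model makes visible: a glowing review from an id that a trusted reviewer distrusts (mallory on badcrate) is simply never counted, and a review is keyed to one exact version, so carol's review of serde 1.0.0 says nothing about 1.0.1; that is why the diff workflow above re-reviews only what changed since the previously reviewed version.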