I saw a quote on another thread:
And it made me think of a possible idea to widen the net of crater/cargobomb. What if something indexed the Rust projects on GitHub (and GitLab/Bitbucket?) that weren’t published on crates.io? Seems you could do something like look for the precence of
Cargo.toml in the root and/or a
language: rust. You’d want to prune out the duplicates that are published on crates.io, perhaps filtering out those that match any “Repository” listing in crates.io.
The advantage of this is you might have more coverage of “applications” rather than only libraries. I have a toy 2D game application on GitHub that would be such an example.
I’m not sure how you would do versioning of GitHub Rust projects unless they are doing tagging. You could use commits as pseudo releases.
It’s likely, however, that the complexity of this is not worth the cost, but just thought I’d throw out the idea.