Sergey "Shnatsel" Davidoff

Results 943 comments of Sergey "Shnatsel" Davidoff

That crate currently has **exploitable security vulnerabilities** in safe functions. There is even a security advisory about it: https://rustsec.org/advisories/RUSTSEC-2019-0006.html The `pancurses` crate has the same issues, also unaddressed: https://rustsec.org/advisories/RUSTSEC-2019-0005.html

That crate's stated goal is to provide a thin Rust wrapper, so it should just be called `ncurses-sys` and expose all functions as `unsafe fn`. Which it currently doesn't, and...
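The distinction the two comments above draw, between a thin `-sys`-style binding that is honest about its preconditions by being an `unsafe fn` and a safe wrapper that must actually enforce those preconditions, as an added example. This is not code from the page, from the `ncurses` crate or from `ncursesw`; it binds libc's `strlen` rather than any ncurses function so that it builds on any platform where Rust's std already links libc, and the function names `len_unsound`, `len_sound` and `len_checked` are the example's own.

```rust
// Added example, not from the page or the ncurses crate. `strlen` from libc
// stands in for any C function with pointer preconditions.
use std::ffi::{CStr, CString};
use std::os::raw::c_char;

pub mod sys {
    use std::os::raw::c_char;
    unsafe extern "C" {
        // Raw binding, the way a `-sys` crate should expose it: calling it is
        // `unsafe`, because the caller must pass a valid, NUL-terminated buffer.
        pub fn strlen(s: *const c_char) -> usize;
    }
}

/// UNSOUND safe wrapper, the shape of the bug the comments above object to:
/// a safe signature over a C call whose precondition it does not enforce.
/// A `&str` is not NUL-terminated, so `strlen` can read past the end of the
/// buffer. Kept only to show the pattern; it is never called here.
pub fn len_unsound(s: &str) -> usize {
    unsafe { sys::strlen(s.as_ptr() as *const c_char) }
}

/// Sound safe wrapper: `&CStr` guarantees NUL termination, so every
/// precondition of `strlen` holds by construction and the `unsafe` block is
/// justified by the type, not by hope.
pub fn len_sound(s: &CStr) -> usize {
    unsafe { sys::strlen(s.as_ptr()) }
}

/// Sound convenience wrapper over `&str`: validates at the boundary (rejects
/// interior NULs, which would truncate the C view of the string) instead of
/// assuming the caller did. Returns `None` on input C cannot represent.
pub fn len_checked(s: &str) -> Option<usize> {
    let c = CString::new(s).ok()?;
    Some(len_sound(&c))
}

fn main() {
    let c = CString::new("hello").unwrap();
    println!("len_sound   = {}", len_sound(&c));
    println!("len_checked = {:?}", len_checked("hel\0lo"));
}
```

The rule this illustrates: if a wrapper cannot make the C function's preconditions hold for every input its signature admits, it must be an `unsafe fn` with those preconditions documented; a `pub fn` that merely hides the `unsafe` block is a soundness hole in a safe API, which is exactly what a RustSec advisory against safe functions describes.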

There is one other crate wrapping ncurses - https://crates.io/crates/ncursesw It has its own bindings and seems to be in better shape, plus has safe wrappers on top. There's probably...

https://gitlab.com/zachreizner/crates-audit/ implements checking the crates.io index against the RustSec advisory database and outputs the result in .json, .bin and .toml formats. It also has a web UI that displays this info. It...

Nice! Is there a repository with a prototype of the RustPrazi-based tool that I could link to?

We should also lint about code that tends to be slow and get refactored into unsafe code for performance reasons, even though a safe alternative is available. See rust-lang/rust-clippy#3237 for...

Also, a static analyzer for Rust that's focused on taint analysis is in development: https://github.com/facebookexperimental/MIRAI

Here's an actual bug that could potentially be discovered by a static analyzer: https://github.com/crepererum/rdxsort-rs/pull/2 Any thoughts on whether linting for this is viable?

https://github.com/rust-secure-code/safety-dance/issues/21 is working in that direction

First big work item filed: https://github.com/rust-lang/rust-clippy/issues/4483 I expect many more requests to come out of the safety-dance effort.