Alexis Mousset

Results 65 comments of Alexis Mousset

On 0.6.4 I get:

```
Unpacking tinysearch WASM engine into temporary directory "/tmp/.tmpJuEao6"
Starting unpack
Copying index into crate
Compiling WASM module using wasm-pack
Error: crate directory is missing a...
```

This is because `RUSTC_WORKSPACE_WRAPPER` doesn't work well with sccache. [clippy has run into the same problem](https://github.com/rust-lang/rust-clippy/issues/5507), finally fixed by [adding a special case](https://github.com/mozilla/sccache/pull/728) to handle it in sccache.

I'll try to make a proper fix for sccache.

I don't think we should file an advisory for this one, at least for now. It looks like the security expectations for temporary files creation methods are not clear-cut, and...

> And once that's in place, make cargo audit --bin scan the programs installed by Cargo instead of requiring --file or --dir parameters.

Do you mean `$HOME/.cargo/bin` or binaries in...

A simple PoC using osv data https://gist.github.com/amousset/4585cf0d59d1f243536af70081fdd477

This produces an output looking like:

```
[...]
Missing alias GHSA-fg7r-2g4j-5cgr in RUSTSEC-2021-0124
Missing alias GHSA-fhvj-7f9p-w788 in RUSTSEC-2020-0034
Missing alias GHSA-wrvc-72w7-xpmj in RUSTSEC-2019-0026
Missing alias GHSA-pphf-f93w-gc84 in RUSTSEC-2020-0111
Missing alias...
```

> I'm afraid that fetching the entire ZIP file might get unwieldy over time, and querying an API since the last update would incur less traffic

The zip file is...

> which omits the Git ranges, then (rightfully) shows up on OSV website as "no fix available" because the Git ranges are not exported, and replaced with a numeric version...

If the https://github.com/github/advisory-database/issues/470 switch gets done, do you see any other obstacles preventing us from importing GHSA from osv?