What does HackerNews think of cargo-geiger?
Detects usage of unsafe Rust in a Rust crate and its dependencies.
If you want to go further, you can disable unsafe in a crate by adding #[forbid(unsafe)].
And if you need more control than that, there's probably tooling out there that will help depending on what exactly you need.
https://github.com/rustsec/rustsec/tree/main/cargo-audit
There are tools that explicitly exist for this use case, such as cargo-geiger [0]. There was some drama with a large framework called Actix a while ago due to the maintainer having a bit of a cavalier attitude towards unsafe usage. Etc.
> Our analysis shows that while publicly available Rust libraries rarely use the unsafe keyword (even very popular libraries), most of them are still not Safe Rust, because of unsafe use in dependencies.
I think this might be a misapprehension of safety in Rust by the authors: safety doesn't mean the absence of the `unsafe` keyword in your dependency tree, it means safety by construction through safe wrappers of fundamentally unsafe code.
The Rust standard library is the perfect example of this: it exposes safe interfaces that are built on top of fundamentally unsafe OS primitives and system calls. That doesn't make any code that uses them "unsafe"; it parametrizes the notion of safety on safe abstractions. That's all Rust has ever promised, and it's still significantly better than the status quo.
Other than that, the paper's other observations are excellent: we should be more aware of the presence of `unsafe` in our dependency trees, and that information should be more readily surfaced by standard tooling. Tools like `cargo geiger`[1] and `siderophile`[2] (FD: my company's tool) bring us a little closer to that.
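An added example, not from any of the commenters above, illustrating two points made in the thread: the "forbid unsafe in your own crate" suggestion and the "safe wrapper over unsafe code" argument. The module names `lowlevel` and `consumer` and the functions in them are constructed for this illustration; `lowlevel` stands in for a dependency that needs `unsafe` internally, and `consumer` for a crate that forbids `unsafe` in its own code via the `unsafe_code` lint yet uses the dependency freely, because the wrappers check their preconditions before the unsafe operation runs.

```rust
/// Stands in for a dependency whose implementation needs `unsafe`.
/// Every `unsafe` block sits behind a function that checks the
/// precondition the block relies on, so callers cannot misuse it.
mod lowlevel {
    use std::ptr;

    /// Copy as many bytes as fit from `src` into `dst`; return the count.
    /// Safe to call with any two slices: the length is clamped here.
    pub fn copy_prefix(dst: &mut [u8], src: &[u8]) -> usize {
        let n = dst.len().min(src.len());
        // SAFETY: `n` is at most the length of both slices, so both pointers
        // are valid for `n` bytes; `dst` is a `&mut`, so it cannot alias `src`.
        unsafe {
            ptr::copy_nonoverlapping(src.as_ptr(), dst.as_mut_ptr(), n);
        }
        n
    }

    /// Checked element access that uses `get_unchecked` internally.
    pub fn byte_at(buf: &[u8], idx: usize) -> Option<u8> {
        if idx < buf.len() {
            // SAFETY: the bounds check above guarantees `idx` is in range.
            Some(unsafe { *buf.get_unchecked(idx) })
        } else {
            None
        }
    }
}

/// Stands in for a crate that forbids `unsafe` in its own code. Its
/// dependency's `unsafe` blocks do not make this code unsafe: the
/// wrappers uphold their invariants, which is what Rust's safety
/// guarantee is parametrized on.
#[forbid(unsafe_code)]
mod consumer {
    use super::lowlevel;

    /// Build a fixed 8-byte header from a payload, zero-padding short input
    /// and truncating long input. Returns the header and the bytes copied.
    pub fn fixed_header(payload: &[u8]) -> ([u8; 8], usize) {
        let mut hdr = [0u8; 8];
        let copied = lowlevel::copy_prefix(&mut hdr, payload);
        (hdr, copied)
    }

    /// Sum the bytes at the requested indices, ignoring out-of-range ones.
    pub fn sum_at(buf: &[u8], idxs: &[usize]) -> u32 {
        idxs.iter()
            .filter_map(|&i| lowlevel::byte_at(buf, i))
            .map(u32::from)
            .sum()
    }

    // Uncommenting this fails to compile: the `unsafe_code` lint is
    // forbidden for this module, and `forbid` cannot be overridden below it.
    // pub fn not_allowed(p: *const u8) -> u8 { unsafe { *p } }
}

fn main() {
    let (hdr, n) = consumer::fixed_header(b"hello, world!");
    println!("copied {} bytes: {:?}", n, hdr);
    let (hdr, n) = consumer::fixed_header(b"hi");
    println!("copied {} bytes: {:?}", n, hdr);
    println!("sum = {}", consumer::sum_at(&[1, 2, 3], &[0, 2, 99]));
}
```

`cargo geiger` would still flag the crate standing in for `lowlevel`, which is the useful signal the paper asks for; what it cannot tell you is whether the SAFETY comments are actually true, and that is the property the wrapper, not the keyword count, is responsible for.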
However, a sufficiently determined evil crate can use soundness holes (like fake-static) or macros (like plutonium) to misbehave without visible unsafe.
The readme is quite good.