{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiddu3g6tbwl5hlbbcjqq2n4bmvq3xvj2xwzmhx2iagtgno3leecrm",
    "uri": "at://did:plc:ivbknywyskln22er3nkssdhl/app.bsky.feed.post/3mkltxuteixp2"
  },
  "path": "/t/easily-inspect-dependencies/24200#post_6",
  "publishedAt": "2026-04-28T23:02:25.000Z",
  "site": "https://internals.rust-lang.org",
  "tags": [
    "most recently Helix"
  ],
  "textContent": "bjorn3:\n\n> config files that may cause your editor to run potentially malicious code\n\nSome editors (VScode, and most recently Helix) already protect themselves against that type of attack. So I believe the burden of config-security should be placed on them, not Cargo.\n\nepage:\n\n> use cases\n\nI thought I already mentioned them? It doesn't have to be about security since the very beggining. Just an easy way to see docs and implementation details without having to re-download data. The (dep/lib/bin) docs don't (and shouldn't) specify all impl details, so being able to use `cargo` (instead of RA/r-a) to find those details would be nice.\n\nepage:\n\n> generic link to some site\n\nI'll clarify my reasoning:\n\n  1. Supply-chain attacks are in **the** OWASP Top 10\n  2. Therefore, supply-chain attacks are important to OWASP\n  3. This suggests that mitigating supply-chain attacks should also be important to Cargo\n\n\n\nepage:\n\n> cache read-only but we've had problems with that\n\nUnderstood . Could this be improved in the next edition? or is it a portability limitation because of the many platforms where Cargo is officially supported?",
  "title": "Easily inspect dependencies"
}