What commands would you like to see built into Rust by default?

[yoshuawuyts]

What commands or functionality would you like to see built into Rust by default? Are there any existing ecosystem tools you'd like to see shipped by default? Or are there tools in other ecosystems you'd like to see a Rust version of?

[yoshuawuyts]

I'll go first: I think cargo-geiger is really useful for tracking dependencies containing unsafe. I would love to see a general rust audit tool which not only can track unsafe, but other noteworthy operations such as network access too. And have it be integrated with Cargo.lock and "update/upgrade dependencies" workflows.

[maddiemort]

cargo-edit! I have been repeatedly surprised when moving to a new environment that I have to go and install this myself to run cargo add, because I've gotten so used to having it available.

[dtolnay]

A decent-performance Wasm runtime as a rustup component. This is the critical next step blocking ecosystem work on sandboxed build scripts and sandboxed proc macros. Only an absolutely minimal API needs to be exposed: an entry point to put in your Wasm blob and your set of host fns. Libraries will take it from there.

[Firstyear]

cargo audit - shows your dependencies that have security issues in them, especially given how vendoring is used it's even more critical that projects are able to take responsibility for these.

cargo outdated - shows dependencies that have old or unsupported versions. Common to find many projects with outdated dependencies in their tree somewhere, and this would help to show that.

cargo udeps - shows a list of dependencies you no longer are consuming in your projects code.

Finally, an extension is that today we can do "cargo install X" to install a binary, but there is no associated way to cargo install --update things that were installed, which makes it hard for users to then update their applications installed via cargo. This may leave people open to security issues at worst, and it's annoying for people to do updates in the common case.

[ericsampson]

cargo-edit, absolutely.

[lopopolo]

bindgen

[yozhgoor]

cargo-update would be very interesting.

[lopopolo]

cargo-expand is a tool I use rarely but is invaluable when I need it. It is one of the few reasons I ever need to have a nightly compiler installed and updated.

[Jasper-Bekkers]

rust-semverver should become a default part of cargo-release to help decide and enforce proper semver.

cargo-deny should become part of cargo (potentially) because it helps keep a lot of our projects hygienic in terms of crate usage, duplicate dependencies, licenses, security audits etc.

[Jasper-Bekkers]

A decent-performance Wasm runtime as a rustup component. This is the critical next step blocking ecosystem work on sandboxed build scripts and sandboxed proc macros. Only an absolutely minimal API needs to be exposed: an entry point to put in your Wasm blob and your set of host fns. Libraries will take it from there.

100% having sandboxed build.rs execution is still one of my all-time biggest asks for rust.

[huxi]

Automatic code coverage reports for tests supporting all tier 1 targets. Last info I know about is https://blog.rust-lang.org/inside-rust/2020/11/12/source-based-code-coverage.html as well as some platform-specific solutions.

[ceejbot]

cargo-edit and cargo-why are the cargo extensions I immediately install when setting up a new dev environment. They replace functionality that I used heavily in other ecosystem package manager tools. cargo-release supplies some of the other missing features, (think npm version minor) but probably does too much too be as easy a pick as something like cargo-edit. I would love a stripped-down version of cargo-release as a cargo extension installed by default.

The other Rust ecosystem tool that we're relying on in all our Rust projects is just. I'm not sure if there are any competitive options to this one? Or if it's too complex a use case to consider here? BUT I was feeling the lack of a convenient task runner in all of our Rust projects until I found just. I definitely like that it's not a cargo extension and that the tasks are defined in something other than Cargo.toml.

[neofight78]

I think there are maybe some community solutions, but it would be great to be able to build just the projects dependencies so they can be cached to speed up docker & CI/CD builds.

[No9]

These might be too far up the stack but adding them for consideration:

cargo-tarpaulin is a test coverage tool i'm defaulting too thanks to @LukeMathWalker

cargo-generate
It would enable downstream project teams provide smoother on-boarding processes for their projects which should improve the experience for first time users. Thinking of this as a logical continuation of the examples folder. @timClicks may have some deeper thoughts here?

[ghost]

A REPL would be very useful for testing snippets without building a whole test program. Ideally something that looks and behaves more like python, ghci, or node and less like irust which I find visually noisy.

Along with that, the ability to rust program.rs or rust run program.rs to run it, compiling as necessary. I don't like how cargo forces files to be in particular directories, even if I only need to quickly test something. Some files don't fit neatly into the provided categories of example/test/benchmark.