Hacker News

ruuda, yesterday at 3:44 PM, 7 replies

https://github.com/doy/rbw is a Rust alternative to the Bitwarden CLI. Although the Rust ecosystem is moving in NPM's direction (very large and very deep dependency trees), you still need to trust far fewer authors in your dependency tree than what is common for JavaScript.


Replies

pregnenolone, yesterday at 4:03 PM

Well.. https://github.com/doy/rbw/blob/main/Cargo.toml#L16

You're still pulling a lot of dependencies. At least they're pinned though.

cromka, yesterday at 10:03 PM

It's a bit ironic that everyone considers Rust as safer while completely ignoring the heavily increased risk of pulling in malware in dependencies.

ramon156, yesterday at 3:49 PM

This + Vaultwarden is an awesome self-hostable Rust version of Bitwarden. We might as well close the loop!

yangikan, yesterday at 9:46 PM

Is there any downside to using the Firefox built-in password manager?

koyote, yesterday at 10:12 PM

I wonder if this is going to push more software to stacks like .NET where you can do most things with zero third-party dependencies.

Or, conversely, encourage programming languages to increase the number of features in their standard libraries.

infogulch, yesterday at 5:55 PM

Oh nice it works as an ssh-agent too. Definitely checking this one out.

guywithahat, yesterday at 6:47 PM

That’s my concern too. Rust has the same dependency concerns, which is how hackers get into code. Vaultwarden has the same Rust dependency concern. Ironically we’re entering an age where C/C++ seems to have everything figured out from a dependency injection standpoint.
