[$] Vetting the cargo
Modern language environments make it easy to discover and incorporate externally written libraries into a program. These same mechanisms can also make it easy to inadvertently incorporate security vulnerabilities or overtly malicious code, which is rather less gratifying. The stream of resulting vulnerabilities seems like it will never end, and it afflicts relatively safe languages like Rust just as much as any other language. In an effort to avoid the embarrassment that comes with shipping vulnerabilities (or worse) by way of its dependencies, the Mozilla project has come up with a new supply-chain management tool known as "cargo vet".