[alkonaut]

Is there a known ratio of crates that use unsafe to ones that don't? It feels like most nontrivial crates would often need some unsafe. But a system like this might create a scenario where crates offload some of their unsafe code into separate crates so they need updating less frequently (Much like the blah-sys versus blah crates).

[selfmodruntime]

> It feels like most nontrivial crates would often need some unsafe

As a frequent contributor to a number of crates, this isn‘t really true. Also, most popular crates actively deny use of unsafe.

[saghm]

I suppose this depends on your definition of "nontrivial", but I don't think most would, unless you count the fact that some stuff in std is implemented with unsafe under the hood. The only times I've ever needed to use unsafe Rust code in 5~ years of writing it professionally was for interfacing with a vendor-specific C library, and that was only for the wrapper around it; the rest of the code didn't need to use unsafe.

[alkonaut]

Yes I'm probably biased towards seeing more unsafe as a deal with a lot of wrapper libs (crates which in turn have -sys crates and so on). Looking at the dependency graph, if I use 10 deps directly and 5 have unsafe then that might be 50% of the direct dependencies, but probably just a small fraction of the total including transitive.

[dietr1ch]

I think that you can delete files from safe code, but safe as it won't crash or deadlock (but may panic or trigger bugs on unsafe code).

It'd be good to track capabilities needed by libraries, so similarly to unsafe code, risky portions needing careful review are constrained and highlighted in some way.