remove-comments rewrites source code in place, so its safety promises are part of its security model.
| Version | Supported |
|---|---|
| 1.x | yes |
| legacy scripts | no |
- Any input that makes the tool corrupt code it should have left alone
- A way to make the tool write outside the paths it was given
- Bypassing the
.gitor protected directory guarantees - Crafted input that causes a hang, a crash, or unbounded memory use
Report privately to contact@isakajames.com with steps to reproduce and a sample input. Please do not open a public issue for security reports.
You will get an acknowledgement within 72 hours and a status update within 14 days. Fixed issues are credited in the changelog unless you prefer otherwise.
- The crate forbids unsafe code
- Parsing is bounds checked everywhere and cannot panic on any input
- A fuel counter and a nesting cap guarantee termination on hostile files
- Writes are atomic, so a crash can never leave a half written file