Security
symtrace is designed to be safe to run on any repository, including untrusted ones.
What symtrace does not do
- No network access — it never connects to the internet. Zero HTTP, TCP, or DNS dependencies.
- No telemetry — no analytics, no tracking, no data collection.
- No process spawning — it doesn’t shell out to `git` or any other command. All Git operations happen in-process via libgit2.
- No unsafe Rust — the `unsafe_code = "deny"` flag is enforced at compile time.
Dependency security
- All dependency versions are exactly pinned (`=x.y.z`) — no surprise updates.
- A `cargo-deny` config enforces license checks, advisory scans, and source restrictions.
Resource limits
You can cap how much work symtrace does per file to stay safe on large or adversarial repos:
| Limit | Default | Flag |
|---|---|---|
| File size | 5 MiB | --max-file-size |
| AST nodes | 200,000 | --max-ast-nodes |
| Recursion depth | 2,048 | --max-recursion-depth |
| Parse timeout | 2,000 ms | --parse-timeout-ms |
Files exceeding any limit are skipped.
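An added example, not symtrace's own code, of how the four per-file limits in the table can be enforced inside a recursive parser so that a hostile file is skipped instead of exhausting the stack, memory, or CPU. `Limits`, `Skip`, `Budget`, `parse`, `analyze` and the toy parenthesis grammar are hypothetical; only the default values are taken from the table.

```rust
use std::time::{Duration, Instant};

// Hypothetical limits struct; the default values are the ones in the table above.
pub struct Limits { pub max_file_size: usize, pub max_ast_nodes: usize,
                    pub max_recursion_depth: usize, pub parse_timeout: Duration }

impl Default for Limits {
    fn default() -> Self {
        Limits { max_file_size: 5 * 1024 * 1024, max_ast_nodes: 200_000,
                 max_recursion_depth: 2_048, parse_timeout: Duration::from_millis(2_000) }
    }
}

#[derive(Debug, PartialEq)]
pub enum Skip { FileTooLarge, TooManyNodes, TooDeep, Timeout, Malformed }

struct Budget<'a> { limits: &'a Limits, nodes: usize, deadline: Instant }

// Toy grammar (constructed): nested parentheses; every byte consumed is charged as one node.
fn parse(src: &[u8], pos: &mut usize, depth: usize, b: &mut Budget<'_>) -> Result<(), Skip> {
    // Refuse to recurse further before the call stack can be exhausted.
    if depth > b.limits.max_recursion_depth { return Err(Skip::TooDeep); }
    while *pos < src.len() {
        b.nodes += 1;
        if b.nodes > b.limits.max_ast_nodes { return Err(Skip::TooManyNodes); }
        // Poll the clock every 1024 nodes so the check itself stays cheap.
        if b.nodes % 1024 == 0 && Instant::now() >= b.deadline { return Err(Skip::Timeout); }
        let c = src[*pos];
        *pos += 1;
        match c {
            b'(' => parse(src, pos, depth + 1, b)?,
            b')' => return if depth == 0 { Err(Skip::Malformed) } else { Ok(()) },
            _ => {}
        }
    }
    if depth == 0 { Ok(()) } else { Err(Skip::Malformed) }
}

// Returns the node count, or the reason the file is skipped.
pub fn analyze(src: &[u8], limits: &Limits) -> Result<usize, Skip> {
    // Cheapest check first: reject oversized input before any parsing work.
    if src.len() > limits.max_file_size { return Err(Skip::FileTooLarge); }
    let mut b = Budget { limits, nodes: 0, deadline: Instant::now() + limits.parse_timeout };
    let mut pos = 0;
    parse(src, &mut pos, 0, &mut b)?;
    Ok(b.nodes)
}

fn main() { println!("{:?}", analyze(&vec![b'('; 10_000], &Limits::default())); }
```

The depth check fires before the unclosed-parenthesis check, so a file made of thousands of opening brackets is reported as `TooDeep` after a bounded number of stack frames.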
See SECURITY.md in the repository for the full audit.