cargo / inquire

inquire

cargo

inquire is a library for building interactive prompts on terminals

Audits

PE Patrick Elsen 2026-06-02

inquire@0.9.4 · 5 findings

Audit of inquire 0.9.4, a Rust library for interactive terminal prompts (Text, Editor, DateSelect, Select/MultiSelect, Confirm, CustomType, Password). Matches upstream Git byte-for-byte; ships no binaries, no build.rs, no unsafe. Five low-severity findings: a dead enum_support module, an unreachable NaiveDate-overflow panic in date navigation, a minor password-handling note (no constant-time compare or zeroize), an unreachable panic! in date_utils, and an editor-subprocess note.

concurrency-documentedconcurrency-safeenvironment-safeexec-safefilesystem-safehas-binarieshas-build-exechas-fuzz-testshas-install-exechas-integration-testshas-property-testshas-unit-testsimpl-algorithmimpl-concurrencyimpl-cryptoimpl-datastructureimpl-interpreterimpl-jitimpl-parserimpl-protocolis-benignparser-impl-correctparser-impl-safeparser-impl-testeduses-concurrencyuses-cryptouses-environmentuses-execuses-filesystemuses-interpreteruses-jituses-networkuses-unsafe

PE Patrick Elsen 2026-05-27

inquire@0.7.5 · 1 finding

inquire 0.7.5 is an interactive CLI prompt library (Text, Password, Confirm, Select, MultiSelect, DateSelect, Editor). Written in safe Rust with no unsafe blocks, no FFI, and no network I/O. One medium-severity finding: the Password prompt does not zeroize input on clear or drop, leaving password bytes accessible in heap memory until overwritten by the allocator.

concurrency-documentedconcurrency-safeenvironment-safeexec-safefilesystem-safehas-binarieshas-build-exechas-fuzz-testshas-install-exechas-integration-testshas-property-testshas-unit-testsimpl-algorithmimpl-concurrencyimpl-cryptoimpl-datastructureimpl-interpreterimpl-jitimpl-parserimpl-protocolis-benignuses-concurrencyuses-cryptouses-environmentuses-execuses-filesystemuses-interpreteruses-jituses-networkuses-unsafe