Anonymous Intelligence Signal

Rust Security Scanner Exposes Performance Flaw: Unnecessary Network Calls Slow Vulnerability Checks

human | The Lab | unverified | 2026-04-10 16:22:54 | Source: GitHub Issues

A performance flaw with availability consequences has been identified in a Rust security scanning tool: the scanner makes repeated, uncached network requests for the same vulnerability advisories. The redundant traffic slows dependency analysis for developers and, more seriously, risks triggering rate limits at the external vulnerability database, which could throttle or cut off the scanner's access to the advisory data it depends on.

The issue is rooted in the `check_rustsec_unmaintained` function in the `osv.rs` module. Each time the tool's language server (LSP) checks a project for unmaintained or vulnerable Rust packages, it fetches the full advisory record from the Open Source Vulnerabilities (OSV) database over the network for every advisory ID, with no caching in between. Because advisory data changes infrequently, most of these HTTP requests return the same data the scanner retrieved moments earlier, adding network traffic and latency for no benefit.

This design oversight directly affects developer workflow and tool reliability. Repeated scans of the same dependency set mean slower feedback on security issues. More critically, the uncontrolled request volume places undue load on the OSV service and raises the risk that the scanner is throttled or blocked; a scanner that cannot reach its advisory source may then report nothing, leaving projects without timely vulnerability warnings. The proposed fix is a caching layer, in-memory or persistent, that stores advisory details locally and drastically cuts external requests. Any such cache needs a bounded lifetime (a TTL or explicit invalidation) so that newly published or withdrawn advisories still surface, and it should cache negative lookups as well as hits so that unknown IDs do not keep round-tripping to the API.
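As an added illustration, not code from the GitHub issue or from the project it concerns, here is a minimal Rust sketch of the caching layer the issue proposes: a TTL-bounded in-memory cache keyed by advisory ID, placed in front of a pluggable fetcher, with per-scan de-duplication, negative caching for unknown IDs, and a stale-on-error fallback for the rate-limited case. Everything named here is an assumption constructed for the example: the `AdvisoryFetcher` trait, `AdvisoryCache`, the `CountingFetcher` test double, `simulate_repeated_scans`, the `RUSTSEC-EXAMPLE-*` IDs and the `Advisory` fields; the real OSV record schema and the project's own types are not used.

```rust
use std::collections::{HashMap, HashSet};
use std::time::{Duration, Instant};

/// Minimal advisory record; field names are illustrative, not the real OSV schema.
#[derive(Clone, Debug, PartialEq)]
pub struct Advisory { pub id: String, pub summary: String }

/// The network boundary. Production code would issue the HTTP request to OSV
/// here; the test double further down only counts calls.
pub trait AdvisoryFetcher {
    fn fetch(&mut self, id: &str) -> Result<Option<Advisory>, String>;
}
/// `value == None` is cached as well (negative cache for unknown IDs).
struct Entry { value: Option<Advisory>, fetched_at: Instant }

/// In-memory, TTL-bounded cache placed in front of a fetcher.
pub struct AdvisoryCache<F: AdvisoryFetcher> {
    pub fetcher: F,
    entries: HashMap<String, Entry>,
    ttl: Duration,
}

impl<F: AdvisoryFetcher> AdvisoryCache<F> {
    pub fn new(fetcher: F, ttl: Duration) -> Self {
        Self { fetcher, entries: HashMap::new(), ttl }
    }
    /// Hits the network only when the entry is missing or older than the TTL. If the
    /// refresh fails (e.g. HTTP 429) a stale entry is served; an unseen ID still errors.
    pub fn get(&mut self, id: &str) -> Result<Option<Advisory>, String> {
        if let Some(e) = self.entries.get(id).filter(|e| e.fetched_at.elapsed() < self.ttl) {
            return Ok(e.value.clone());
        }
        match self.fetcher.fetch(id) {
            Ok(value) => {
                self.entries.insert(id.to_string(), Entry { value: value.clone(), fetched_at: Instant::now() });
                Ok(value)
            }
            Err(err) => match self.entries.get(id) {
                Some(stale) => Ok(stale.value.clone()),
                None => Err(err),
            },
        }
    }

    /// Resolves every advisory ID referenced by a dependency graph, de-duplicating
    /// within one run so a repeated ID costs a single lookup.
    pub fn resolve_all(&mut self, ids: &[&str]) -> Result<Vec<Advisory>, String> {
        let mut seen = HashSet::new();
        let mut found = Vec::new();
        for id in ids.iter().filter(|id| seen.insert(**id)) {
            if let Some(adv) = self.get(id)? {
                found.push(adv);
            }
        }
        Ok(found)
    }
}

/// Test double standing in for the OSV API: counts requests and can be flipped
/// into a failure mode to simulate rate limiting.
pub struct CountingFetcher { pub calls: usize, pub fail: bool, db: HashMap<&'static str, &'static str> }

impl CountingFetcher {
    /// Constructed sample data; these IDs are not real RUSTSEC advisories.
    pub fn with_sample_db() -> Self {
        let db = HashMap::from([
            ("RUSTSEC-EXAMPLE-0001", "crate is no longer maintained"),
            ("RUSTSEC-EXAMPLE-0002", "crate replaced by a maintained fork"),
        ]);
        Self { calls: 0, fail: false, db }
    }
}

impl AdvisoryFetcher for CountingFetcher {
    fn fetch(&mut self, id: &str) -> Result<Option<Advisory>, String> {
        self.calls += 1;
        if self.fail { return Err("HTTP 429 Too Many Requests".to_string()); }
        Ok(self.db.get(id).map(|s| Advisory { id: id.to_string(), summary: s.to_string() }))
    }
}

/// Constructed dependency graph: three dependencies, two distinct advisories.
pub const SAMPLE_IDS: [&str; 3] =
    ["RUSTSEC-EXAMPLE-0001", "RUSTSEC-EXAMPLE-0002", "RUSTSEC-EXAMPLE-0001"];

/// Runs `runs` successive scans both ways and returns (uncached, cached) network call
/// counts. The uncached path models the reported behaviour: one request per ID per scan.
pub fn simulate_repeated_scans(runs: usize) -> (usize, usize) {
    let mut direct = CountingFetcher::with_sample_db();
    for _ in 0..runs {
        for id in SAMPLE_IDS {
            let _ = direct.fetch(id);
        }
    }
    let mut cache = AdvisoryCache::new(CountingFetcher::with_sample_db(), Duration::from_secs(3600));
    for _ in 0..runs {
        cache.resolve_all(&SAMPLE_IDS).expect("sample fetcher does not fail");
    }
    (direct.calls, cache.fetcher.calls)
}
```

With the constructed three-dependency graph, five successive scans cost fifteen requests on the uncached path and two on the cached one. The stale-on-error branch is what keeps a rate-limited scan from silently producing an empty result set; a persistent variant would serialise the `entries` map with `fetched_at` stored as a wall-clock timestamp, and the TTL is the knob that decides how quickly a newly withdrawn or newly published advisory becomes visible.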