Crate cargo_deny


§❌ cargo-deny

Cargo plugin for linting your dependencies

See the book 📕 for in-depth documentation.

To run on CI as a GitHub Action, see cargo-deny-action.

Please Note: This is a tool that we use (and like!) and it makes sense to us to release it as open source. However, we can’t take any responsibility for your use of the tool, if it will function correctly or fulfil your needs. No functionality in - or information provided by - cargo-deny constitutes legal advice.

§Quickstart

cargo install --locked cargo-deny && cargo deny init && cargo deny check

§Usage

§Install cargo-deny

If you want to use cargo-deny without having cargo installed, build cargo-deny with the standalone feature. This can be useful in Docker Images.

cargo install --locked cargo-deny

# Or, if you're an Arch user
pacman -S cargo-deny

§Initialize your project

cargo deny init

§Check your crates

cargo deny check

§Licenses

The licenses check is used to verify that every crate you use has license terms you find acceptable.

cargo deny check licenses

§Bans

The bans check is used to deny (or allow) specific crates, as well as detect and handle multiple versions of the same crate.

cargo deny check bans

§Advisories

The advisories check is used to detect issues for crates by looking in an advisory database.

cargo deny check advisories

§Sources

The sources check ensures crates only come from sources you trust.

cargo deny check sources
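
The four checks above all read their policy from the deny.toml that cargo deny init creates. The following is an added example, not the project's own template: a minimal policy with one section per check. The license list, the banned crate name and the lint levels are constructed placeholders, and key names should be confirmed against the book for the cargo-deny version you pin.

```toml
# deny.toml (constructed example; adjust every value to your own policy)

[advisories]
# Advisory database(s) consulted by `cargo deny check advisories`.
db-urls = ["https://github.com/rustsec/advisory-db"]
# Fail the check when a locked crate version has been yanked.
yanked = "deny"
# Advisory ids you have reviewed and accepted; keep this list short
# and record the reason for each entry in a comment next to it.
ignore = []

[licenses]
# SPDX identifiers you accept; any crate whose license expression
# cannot be satisfied from this list fails `check licenses`.
allow = ["MIT", "Apache-2.0", "BSD-3-Clause"]
# Minimum confidence when a license is inferred from license file text.
confidence-threshold = 0.8

[bans]
# Report, but do not fail on, more than one version of the same crate.
multiple-versions = "warn"
# Reject `*` version requirements in the dependency graph.
wildcards = "deny"
# Crates that must never appear in the graph.
# "example-banned-crate" is a placeholder name, not a real recommendation.
deny = [{ name = "example-banned-crate" }]

[sources]
# Anything not explicitly allowed below fails `check sources`.
unknown-registry = "deny"
unknown-git = "deny"
# Only the crates.io index is trusted as a registry.
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# No git dependencies are allowed until a URL is listed here.
allow-git = []
```

With unknown-registry and unknown-git set to deny, a dependency pulled from an unlisted registry or git URL fails the sources check instead of being resolved silently.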

§Pre-commit hook

You can use cargo-deny with pre-commit. Add it to your local .pre-commit-config.yaml as follows:

- repo: https://github.com/EmbarkStudios/cargo-deny
  rev: 0.14.16 # choose your preferred tag
  hooks:
    - id: cargo-deny
      args: ["--all-features", "check"] # optionally modify the arguments for cargo-deny (default arguments shown here)

§Contributing

We welcome community contributions to this project.

Please read our Contributor Guide for more information on how to get started.

§License

Licensed under either of

at your option.

§Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Re-exports§

pub use cfg::UnvalidatedConfig;

Modules§

advisories
bans
cfg
diag
licenses
Configuration and logic for checking crate licenses
root_cfg
sarif
sources

Macros§

assert_field_eq
enum_deser
field_eq
func_name
overrides

Structs§

CheckCtx
Common context for the various checks. Some checks require additional information though.
Error
Error that can occur when deserializing TOML.
Kid
A crate’s unique identifier
Krate
Path
A slice of a UTF-8 path (akin to str).
PathBuf
An owned, mutable UTF-8 path (akin to String).
Span
A start and end location within a toml document
Spanned
An arbitrary T with additional span information
Version
SemVer version as defined by https://semver.org.

Enums§

DepKind
The dependency kind. A crate can depend on the same crate multiple times with different dependency kinds
LintLevel
The possible lint levels for the various lints. These function similarly to the standard Rust lint levels
Source

Traits§

Deserialize
This crate’s equivalent to serde::Deserialize

Functions§

binary_search
contains
hash
krates_with_index
Adds the crates.io index with the specified settings to the builder for feature resolution
match_krate
match_req
Checks if a version satisfies the specified version requirement. If the requirement is None then it is also satisfied.
utf8path
Helper function to convert a std PathBuf to a camino one

Type Aliases§

Krates