cargo-stale

A fast, concurrent tool to check for outdated dependencies in your Rust Cargo.toml file.

Features

• Fast concurrent dependency checking using async/await
• Smart semantic version comparison and compatibility ranges
• Support for normal, dev, build, and workspace dependencies
• Flexible filtering to show outdated or all dependencies
• Clean table output with current vs latest versions
• Multiple command-line options for different use cases
• Works as both cargo subcommand and standalone tool
• Workspace member support with dependency source tracking

Installation

Install from crates.io (when published):

cargo install cargo-stale

Or install from Git:

cargo install --git https://github.com/18o/cargo-stale

Or clone and build locally:

git clone https://github.com/18o/cargo-stale
cd cargo-stale
cargo build --release

Usage

As a Cargo Subcommand (Recommended)

Once installed, you can use it as a cargo subcommand:

# Basic usage
cargo stale

# Check only outdated dependencies
cargo stale --outdated-only

# Include build dependencies with verbose output
cargo stale --build-deps --verbose

# Check a specific Cargo.toml file
cargo stale --manifest /path/to/Cargo.toml

As a Standalone Tool

You can also run it directly:

# Basic usage
cargo-stale

# With options
cargo-stale --outdated-only --verbose

Command Line Options

cargo stale [OPTIONS]

Options:
  -m, --manifest <MANIFEST>    Path to Cargo.toml file [default: Cargo.toml]
  -o, --outdated-only         Show only outdated dependencies
  -b, --build-deps            Include build dependencies
  -v, --verbose               Verbose output
  -h, --help                  Print help
  -V, --version               Print version

Sample Output

🔍 Checking dependency versions...
📁 Cargo.toml path: Cargo.toml
📦 Found 8 dependencies to check

📊 Dependency Check Results:
------------------------------------------------------------------------------------------
Dependency                          Current Version      Latest Version       Status
------------------------------------------------------------------------------------------
tokio                               1                    1.40.0               ✅ Latest
serde                               1.0                  1.0.214              ✅ Latest
reqwest                             0.12                 0.12.8               ✅ Latest
anyhow                              1                    1.0.93               ✅ Latest
clap                                4                    4.5.20               ✅ Latest
toml                                0.9                  0.9.0                ✅ Latest
env_logger                          0.10                 0.11.8               🔴 Outdated
log                                 0.4                  0.4.23               ✅ Latest
------------------------------------------------------------------------------------------
⚠️  Found 1 outdated dependencies

How It Works

cargo-stale reads your Cargo.toml file and concurrently queries the crates.io API to check for the latest version of each dependency. It uses intelligent semantic version comparison to determine if a dependency is actually outdated based on your version requirements:

Version Compatibility Rules

• "1" or "^1.0" - Compatible with 1.x.x series, only outdated when 2.x.x is available
• "^0.10" - Compatible with 0.10.x series, outdated when 0.11.x is available (0.x versions are more restrictive)
• "~1.2" - Compatible with 1.2.x series, outdated when 1.3.x or higher is available
• "=1.2.3" - Exact version, outdated when any newer version is available
• ">=1.0", ">1.0", etc. - Range requirements are not considered outdated

This follows Semantic Versioning and Cargo's version requirement specifications.

TODO

• Automatically update Cargo.toml with latest versions (add --update flag)
• Interactive mode for selective dependency updates
• Support for private registries and alternative registries
• Configuration file support for custom rules

System Requirements

• Rust 1.70.0 or later
• Internet connection (to query crates.io API)

Dependencies

• tokio - Async runtime for concurrent requests
• reqwest - HTTP client for crates.io API
• clap - Command line argument parsing
• serde - JSON deserialization
• toml - TOML file parsing
• anyhow - Error handling
• env_logger & log - Logging support

Performance

cargo-stale is designed for speed:

• Concurrent requests: All dependencies are checked simultaneously
• Minimal dependencies: Uses only essential crates
• Smart caching: HTTP client connection reuse
• Efficient parsing: Fast TOML and JSON processing

Typical performance: Checking 10 dependencies takes ~1-2 seconds (depending on network).

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

1. Fork the repository
2. Create your feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add some amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Similar Tools

• cargo-outdated - More comprehensive but slower, shows detailed dependency trees
• cargo-audit - Focuses on security vulnerabilities rather than version updates
• cargo-edit - Helps manage dependencies but doesn't check for updates
• cargo-update - Updates installed cargo binaries, not project dependencies

Why cargo-stale?

cargo-stale strikes the perfect balance between functionality and performance:

✅ Fast: Concurrent checking makes it much faster than sequential tools
✅ Smart: Understands semantic versioning and compatibility ranges
✅ Simple: Clean, easy-to-read output without overwhelming details
✅ Reliable: Respects your version requirements and doesn't suggest breaking changes
✅ Convenient: Works as both a cargo subcommand and standalone tool

Perfect for quick dependency checks in your daily development