dep_insight/

lib.rs

//! # dep-insight
//!
//! purpose: help you understand and analyze dependencies in rust projects
//!
//! this library lets you scan cargo projects to find duplicates, security issues,
//! license problems, and heavy dependencies. you can use it as a library or
//! through the `cargo dep-insight` command line tool.
//!
//! ## example
//!
//! ```no_run
//! use dep_insight::analyze_project;
//!
//! let report = analyze_project(".", false).expect("failed to analyze");
//! println!("found {} dependencies!", report.summary.total_dependencies);
//! ```

pub mod analyzer;
pub mod config;
pub mod parser;
pub mod report;
pub mod risk;
pub mod utils;
pub mod visualize;

pub use report::{DuplicateGroup, LicenseViolation, Report, Suggestion, Vulnerability};

use anyhow::{Context, Result};
use std::path::Path;

/// purpose: analyze a rust project and return a full report
/// params: path -> where the project lives on your computer, run_audit -> whether to check for vulnerabilities
/// args: uses config from .depinsight.toml if it exists
/// raise: returns error if the path is not a cargo project or we can't read files
/// returns: a report with numbers and lists you can show to your friends
///
/// ## example
///
/// ```no_run
/// # use dep_insight::analyze_project;
/// let report = analyze_project("./my-project", false).expect("analysis failed");
/// assert!(report.summary.total_dependencies > 0);
/// ```
pub fn analyze_project<P: AsRef<Path>>(path: P, run_audit: bool) -> Result<Report> {
    analyze_project_with_config(path, None::<&Path>, run_audit)
}

/// purpose: analyze a rust project with a custom config file
/// params: path -> project location, config_path -> optional custom config file, run_audit -> whether to check for vulnerabilities
/// args: none
/// raise: returns error if the path is not a cargo project or config is invalid
/// returns: a report with analysis results
///
/// ## example
///
/// ```no_run
/// # use dep_insight::analyze_project_with_config;
/// let report = analyze_project_with_config("./my-project", Some("custom.toml"), false).expect("analysis failed");
/// assert!(report.summary.total_dependencies > 0);
/// ```
pub fn analyze_project_with_config<P: AsRef<Path>, C: AsRef<Path>>(
    path: P,
    config_path: Option<C>,
    run_audit: bool,
) -> Result<Report> {
    let path = path.as_ref();

    // parse cargo metadata
    let metadata =
        parser::ProjectMetadata::load(path).context("failed to load project metadata")?;

    // load config from custom path or workspace root
    let config = if let Some(cfg_path) = config_path {
        config::Config::load(cfg_path.as_ref()).context("failed to load custom config file")?
    } else {
        let workspace_root_path = metadata.metadata.workspace_root.as_std_path();
        config::Config::discover(workspace_root_path)
    };

    // check for missing lockfile
    if !metadata.has_lockfile() {
        tracing::warn!(
            "no Cargo.lock found! run 'cargo generate-lockfile' for more accurate results"
        );
    }

    // build analyzer
    let analyzer =
        analyzer::DependencyAnalyzer::new(&metadata).context("failed to build dependency graph")?;

    // create report
    let workspace_root = metadata.metadata.workspace_root.to_string();
    let mut report = Report::new(workspace_root);

    // fill in summary
    let unique_names = metadata.unique_crate_names();
    report.summary.total_dependencies = analyzer.total_dependencies();
    report.summary.unique_crates = unique_names.len();

    // find duplicates
    let duplicates = metadata.find_duplicates();
    report.summary.duplicate_crates = duplicates.len();

    for (name, versions) in duplicates {
        report.diagnostics.duplicates.push(report::DuplicateGroup {
            name: name.clone(),
            versions,
            edges: vec![], // simplified for now
        });
    }

    // check licenses
    report.diagnostics.licenses = risk::check_licenses(&metadata, &config.license);

    // check security (only if requested and audit feature enabled)
    report.diagnostics.vulnerabilities = if run_audit {
        risk::check_vulnerabilities(&metadata, &config.audit).unwrap_or_else(|e| {
            tracing::warn!("vulnerability check failed: {}", e);
            vec![]
        })
    } else {
        vec![]
    };

    // find heavy crates
    report.diagnostics.heavy = analyzer.find_heavy_crates(config.output.max_heavy);

    // build graph for report
    report.graph = analyzer.to_report_graph();

    // generate suggestions
    if !report.diagnostics.duplicates.is_empty() {
        report.suggestions.push(Suggestion {
            kind: "unify".to_string(),
            detail: "consider merging duplicate crate versions".to_string(),
        });
    }

    Ok(report)
}

/// purpose: convert a report to json text
/// params: report -> the report to convert
/// args: none
/// raise: error if serialization fails
/// returns: json string you can save to a file
///
/// ## example
///
/// ```no_run
/// # use dep_insight::{analyze_project, report_to_json};
/// let report = analyze_project(".", false).expect("failed");
/// let json = report_to_json(&report).expect("failed to serialize");
/// println!("{}", json);
/// ```
pub fn report_to_json(report: &Report) -> Result<String> {
    serde_json::to_string_pretty(report).context("failed to serialize report to json")
}

// re-export for convenience
pub use report::LicenseViolation as LicenseFinding;