embed-licensing 0.2.0

Embed licensing information of dependencies to comply with free software licenses
Documentation

embed-licensing

Embed licensing information of dependencies to comply with free software licenses.

This allows outputting a list of all dependencies at runtime.

Features

  • collecting dependencies at build-time using a proc macro
    • name
    • version
    • authors (from Cargo.toml)
    • license (SPDX expression from Cargo.toml’s license field or content of license-file)
    • website (homepage, repository or documentation from Cargo.toml)
  • collecting licenses of dependencies
  • collecting license exceptions of dependencies

Non-Features

  • ready to use HTML template (every application has different needs)
  • CLI tool (there are already great tools out there, see Alternatives)
  • manual override of wrong or incomplete data (this should instead be changed by the crate upstream)

Missing features

  • configurable separation of normal, development and build dependencies (currently, all are considered, except for transitive development dependencies)

Accuracy

The mechanism this crate uses can never be exact. For determining the licenses of a dependency, only the license and license-file attributes of a Cargo manifest are used. Similarly, the authors are also only pulled from the Cargo manifest.

Therefore, you should always consult with a legal professional, if the output of this crate meets the obligations of all licenses of your dependencies, before using this crate.

Alternatives

  • cargo-about is the initial inspiration for this project. It chooses a different approach and generates a static file from a handlebars template.
  • cargo-deny is a linter for dependencies, including their licenses. It also offers the cargo deny list subcommand for listing all licenses of dependencies (and the dependencies that use them).
  • cargo-license outputs a list similar to cargo deny list, but has a more configurable output.
  • cargo-cyclonedx creates a CycloneDX SBOM for a crate.

All alternatives do not allow running at compile time (as a proc-macro) and using the result at runtime.

License

The code of this crate is available under the terms of the LGPL-2.1-or-later. Some documentation files are available under the terms of the CC-BY-SA 4.0. Generated files that do not contain copyrightable content are marked as CC0-1.0.

The exact license of every file can be found in its header.