markdown-tui-explorer 1.34.71

A terminal-based markdown file browser and viewer with search, syntax highlighting, and live reload
# cargo-deny configuration
# https://embarkstudios.github.io/cargo-deny/

# Limit the dependency graph that all checks run against to the platforms
# listed below. Crates that are only pulled in for other targets (no Windows
# triple is listed, for example) are pruned from the graph and are therefore
# not covered by the advisory, license, ban or source checks in this file.
[graph]
targets = [
    { triple = "x86_64-unknown-linux-gnu" },
    { triple = "aarch64-unknown-linux-gnu" },
    { triple = "x86_64-unknown-linux-musl" },
    { triple = "x86_64-apple-darwin" },
    { triple = "aarch64-apple-darwin" },
]

# ---- Advisories ---------------------------------------------------------------

# Checks the resolved crates against the RustSec advisory database.
[advisories]
# Schema version of this section.
version = 2
# Fail when a locked crate version has been yanked from the registry.
yanked = "deny"
# Scope of the unmaintained check: "all" covers direct and transitive
# dependencies alike.
unmaintained = "all"
# Targeted ignores. Each entry MUST cite the upstream blocker so we
# revisit when it moves. Re-audit quarterly: drop anything whose
# upstream has shipped a fix.
# An ignore suppresses only the listed advisory ID. Any other advisory
# published against the same crate (for example a vulnerability report)
# has its own ID and still fails the check.
ignore = [
    # syntect's transitive deps. Both are flagged unmaintained, but
    # there is no safe upgrade: syntect 5.x still depends on the
    # old majors. Replacing syntect would be a multi-day refactor
    # of the markdown code-block highlighter, which is not justified
    # for an unmaintained-but-functional advisory. Revisit when syntect
    # ships a release that drops these:
    #   https://github.com/trishume/syntect/issues
    # NOTE(review): the link above is the general issue list, not a
    # specific tracking issue; pin the exact upstream issue so the
    # quarterly re-audit has something concrete to check.
    "RUSTSEC-2025-0141", # bincode 1.3.3 unmaintained (via syntect) — dev ceased upstream
    "RUSTSEC-2024-0320", # yaml-rust 0.4.5 unmaintained (via syntect)
]

# ---- Licenses -----------------------------------------------------------------

# License policy for every crate in the checked graph.
[licenses]
# Schema version of this section.
version = 2
# SPDX identifiers that are accepted. Crates not matching any of these
# licenses fail the build, so a new dependency under an unlisted license
# needs an explicit review before it can be added here.
allow = [
    "MIT",
    "Apache-2.0",
    "Apache-2.0 WITH LLVM-exception",
    "BSD-2-Clause",
    "BSD-3-Clause",
    "ISC",
    "Unicode-DFS-2016",
    "Unicode-3.0",
    "Zlib",
    "CC0-1.0",
    # File-level (weak) copyleft, unlike the permissive entries above.
    "MPL-2.0",
    # webpki-roots 1.0+ ships Mozilla's CA cert bundle as DATA (not code),
    # so the maintainers re-licensed it under CDLA-Permissive-2.0 — the
    # Community Data License Agreement, a widely-used permissive licence
    # for OSS data assets. Pulled in transitively via ureq's TLS support.
    "CDLA-Permissive-2.0",
]
# Minimum match confidence (0.0 to 1.0) when a license has to be
# identified by comparing license file text against the canonical SPDX
# text. Lowering it makes misidentification more likely.
confidence-threshold = 0.8

# ---- Bans ---------------------------------------------------------------------

# Rules about which crates, and how many versions of them, may appear in
# the graph.
[bans]
# Warn (do not fail) if multiple versions of the same crate end up in the graph.
multiple-versions = "warn"
# A "*" version requirement in Cargo.toml lets any release satisfy the
# dependency, so reject it outright.
wildcards = "deny"
# How duplicate versions are marked in the printed dependency graph:
# "all" marks both the lowest-version and the simplest-path entries.
highlight = "all"

# Crates that must never appear in the graph, directly or transitively.
# No version constraint is given, so every version is banned.
deny = [
    # Prefer rustls; openssl-sys pulls in a large C dependency.
    { name = "openssl-sys", reason = "use rustls instead of openssl" },
    { name = "openssl", reason = "use rustls instead of openssl" },
    { name = "native-tls", reason = "use rustls instead of native-tls" },
]

# Exemptions from the duplicate-version check. Both are empty: no crate
# (skip) and no crate subtree (skip-tree) is excused.
skip = []
skip-tree = []

# ---- Sources ------------------------------------------------------------------

# Where crates are allowed to come from.
[sources]
# Fail on any crate that comes from a registry not listed in allow-registry.
unknown-registry = "deny"
# Fail on any crate that comes from a git repository not listed in allow-git.
unknown-git = "deny"
# Only allow crates.io as a registry source.
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
# Empty on purpose: with unknown-git = "deny" this means no git
# dependency is accepted at all. Adding an entry here is a policy change
# and should be reviewed like one.
allow-git = []