1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# cargo deny configuration
# https://embarkstudios.github.io/cargo-deny/
# ---------------------------------------------------------------------------
# Advisories — RustSec CVE / vulnerability database
# ---------------------------------------------------------------------------
[]
# Warn on unmaintained crates rather than hard-failing, so CI stays green
# while you evaluate the impact.
= []
# ---------------------------------------------------------------------------
# Licenses
# ---------------------------------------------------------------------------
[]
# Confidence threshold for license file detection (0.0–1.0).
= 0.8
# Licenses that are allowed in the dependency tree.
= [
"MIT",
"Apache-2.0",
"Unicode-3.0",
"Unlicense",
# Copyleft — acceptable for a CLI tool (not linked into user code).
"MPL-2.0",
]
# ---------------------------------------------------------------------------
# Bans — reject or warn on specific crates / duplicate versions
# ---------------------------------------------------------------------------
[]
# Warn when multiple versions of the same crate appear in the tree.
= "warn"
# Crates that must never appear in the dependency tree.
= []
# ---------------------------------------------------------------------------
# Sources — restrict where crates may come from
# ---------------------------------------------------------------------------
[]
# Only allow crates published to crates.io; reject git or path dependencies
# that are not explicitly listed below.
= "deny"
= "deny"
= ["https://github.com/rust-lang/crates.io-index"]