Crate cargo_deny
source ·Expand description
See the book 📕 for in-depth documentation.
To run on CI as a GitHub Action, see cargo-deny-action
.
Please Note: This is a tool that we use (and like!) and it makes sense to us to release it as open source. However, we can’t take any responsibility for your use of the tool, if it will function correctly or fulfil your needs. No functionality in - or information provided by - cargo-deny constitutes legal advice.
§Quickstart
cargo install --locked cargo-deny && cargo deny init && cargo deny check
§Usage
§Install cargo-deny
If you want to use cargo-deny
without having cargo
installed, build cargo-deny
with the standalone
feature. This can be useful in Docker Images.
cargo install --locked cargo-deny
# Or, if you're an Arch user
pacman -S cargo-deny
§Initialize your project
cargo deny init
§Check your crates
cargo deny check
§Licenses
The licenses check is used to verify that every crate you use has license terms you find acceptable.
cargo deny check licenses
§Bans
The bans check is used to deny (or allow) specific crates, as well as detect and handle multiple versions of the same crate.
cargo deny check bans
§Advisories
The advisories check is used to detect issues for crates by looking in an advisory database.
cargo deny check advisories
§Sources
The sources check ensures crates only come from sources you trust.
cargo deny check sources
§Pre-commit hook
You can use cargo-deny
with pre-commit. Add it to your local .pre-commit-config.yaml
as follows:
- repo: https://github.com/EmbarkStudios/cargo-deny
rev: 0.14.16 # choose your preferred tag
hooks:
- id: cargo-deny
args: ["--all-features", "check"] # optionally modify the arguments for cargo-deny (default arguments shown here)
§Contributing
We welcome community contributions to this project.
Please read our Contributor Guide for more information on how to get started.
§License
Licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
§Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
Re-exports§
pub use cfg::UnvalidatedConfig;
Modules§
- Configuration and logic for checking crate licenses
Macros§
Structs§
- Common context for the various checks. Some checks require additional information though.
- Error that can occur when deserializing TOML.
- A crate’s unique identifier
- A slice of a UTF-8 path (akin to
str
). - An owned, mutable UTF-8 path (akin to
String
). - A start and end location within a toml document
- An arbitrary
T
with additional span information - SemVer version as defined by https://semver.org.
Enums§
- The dependency kind. A crate can depend on the same crate multiple times with different dependency kinds
- The possible lint levels for the various lints. These function similarly to the standard Rust lint levels
Traits§
- This crate’s equivalent to
serde::Deserialize
Functions§
- Adds the crates.io index with the specified settings to the builder for feature resolution
- Checks if a version satisfies the specifies the specified version requirement. If the requirement is
None
then it is also satisfied. - Helper function to convert a std
PathBuf
to a camino one