Crates.io | cargo-dephell |
lib.rs | cargo-dephell |
version | 0.5.1 |
source | src |
created_at | 2020-03-25 02:42:37.22086 |
updated_at | 2021-03-04 05:30:30.784677 |
description | Analyzes a project's third-party dependencies. |
homepage | |
repository | https://github.com/mimoo/cargo-dephell |
max_upload_size | |
id | 222523 |
size | 136,695 |
Cargo dephell is a tool to analyze the third-party dependencies imported by a rust crate or rust workspace. It makes use of guppy to parse dependencies, geiger to find unsafe code and loc to count the number of lines of code. Cargo dephell is heavily biased towards the libra codebase (where we have a workspace, we don't have internal crates that are not listed in the workspace, we don't care about the rust edition of dependencies too much, etc.)
Installation:
cargo install --git https://github.com/mimoo/cargo-dephell
Make sure you've built your crate or workspace first.
Just run the program on the relevant Cargo.toml
and output the result to an HTML file:
cargo run -- --manifest-path ./Cargo.toml -o analysis_results.html
Note that you might need a personnal access token to query the Github API. You can get one easily by following these steps:
Go to your github Settings:
Go to the Developer settings:
Go to the Personall Access Token page and click on the Generate new token button:
Once there, just:
once you have it, pass it as:
cargo run -- --manifest-path ./Cargo.toml -o analysis_results.html --github-token <username>:<token>
so for example:
cargo run -- --manifest-path ./Cargo.toml -o analysis_results.html --github-token mimoo:3902jfoiewjf130fjeowijfw
Keep in mind that this is a best-effort way to assess third party dependencies, this is for a number of reasons that we document here:
If you want to help:
AUDIT.toml
file to track who has audited what SHA-1 commit of which repository.