cargo-supply-chain

Crates.io: cargo-supply-chain
lib.rs: cargo-supply-chain
version: 0.3.3
source: src
created_at: 2020-10-02 18:37:35.871685
updated_at: 2023-05-08 11:07:42.415619
description: Gather author, contributor, publisher data on crates in your dependency graph
homepage:
repository: https://github.com/rust-secure-code/cargo-supply-chain
max_upload_size:
id: 295509
size: 102,733
Sergey "Shnatsel" Davidoff (Shnatsel)

README

cargo-supply-chain

Gather author, contributor and publisher data on crates in your dependency graph.

Use cases include:

  • Find people and groups worth supporting.
  • Identify risks in your dependency graph.
  • An analysis of all the contributors you implicitly trust by building their software. This might have both a sobering and humbling effect.

Sample output when run on itself: publishers, crates, json.

Usage

To install this tool, please run the following command:

cargo install cargo-supply-chain

Then run it with:

cargo supply-chain publishers

By default the supply chain is listed for all targets and default features only.

You can alter this behavior by passing --target=… to list dependencies for a specific target. You can use --all-features, --no-default-features, and --features=… to control feature selection.

Here's a list of subcommands:

Gather author, contributor and publisher data on crates in your dependency graph

Usage: COMMAND [ARG]…

Available options:
    -h, --help      Prints help information
    -v, --version   Prints version information

Available commands:
    publishers  List all crates.io publishers in the depedency graph
    crates      List all crates in dependency graph and crates.io publishers for each
    json        Like 'crates', but in JSON and with more fields for each publisher
    update      Download the latest daily dump from crates.io to speed up other commands

Most commands also accept flags controlling the features, targets, etc.
See 'cargo supply-chain <command> --help' for more information on a specific command.

License

Triple licensed under any of Apache-2.0, MIT, or zlib terms.

Commit count: 355

cargo fmt