<!--
SPDX-FileCopyrightText: 2024 Simon Bruder <simon@sbruder.de>

SPDX-License-Identifier: MPL-2.0
-->

# embed-licensing

Embed licensing information of dependencies to comply with free software licenses. This allows outputting a list of all dependencies at runtime.

## Features

- collecting dependencies at build-time using a proc macro
  - name
  - version
  - authors (from Cargo.toml)
  - license (SPDX expression from Cargo.toml’s `license` field or content of [`license-file`](https://doc.rust-lang.org/cargo/reference/manifest.html#the-license-and-license-file-fields))
  - website (`homepage`, `repository` or `documentation` from Cargo.toml)
- collecting licenses of dependencies
- collecting license exceptions of dependencies
- optional collection of development (only for direct dependencies) and build dependencies (by default, only normal dependencies are collected)
- optional limiting of dependencies to a specific platform (target and cfg options)

### Non-Features

- ready to use HTML template (every application has different needs)
- CLI tool (there are already great tools out there, see [Alternatives](#user-content-alternatives))
- manual override of wrong or incomplete data (this should instead be changed by the crate upstream)

## Accuracy

The mechanism this crate uses can never be exact. For determining the licenses of a dependency, only the `license` and `license-file` attributes of a Cargo manifest are used. Similarly, the authors are also only pulled from the Cargo manifest.

Therefore, before using this crate, you should always consult a legal professional on whether its output meets the obligations of all licenses of your dependencies.

## Alternatives

- [cargo-about](https://github.com/EmbarkStudios/cargo-about) is the initial inspiration for this project. It takes a different approach and generates a static file from a handlebars template.
- [cargo-deny](https://github.com/EmbarkStudios/cargo-deny) is a linter for dependencies, including their licenses. It also offers the `cargo deny list` subcommand for listing all licenses of dependencies (and the dependencies that use them).
- [cargo-license](https://github.com/onur/cargo-license) outputs a list similar to `cargo deny list`, but has a more configurable output.
- [cargo-cyclonedx](https://github.com/CycloneDX/cyclonedx-rust-cargo) creates a [CycloneDX](https://cyclonedx.org/) SBOM for a crate.

None of the alternatives allows running at compile time (as a proc-macro) and using the result at runtime.

## License

This project is available under the terms of the [MPL 2.0](./LICENSES/MPL-2.0.txt). The exact details can be found in the header of each file.