Self-contained serde-powered Cargo.lock
parser/serializer with support
for the V1/V2/V3/V4 formats, as well as optional dependency tree analysis features.
Used by RustSec.
When the dependency-tree
feature of this crate is enabled, it supports
computing a directed graph of the dependency tree, modeled using the
petgraph
crate, along with support for printing dependency trees ala
the cargo-tree
crate.
Rust 1.70 or higher.
Minimum supported Rust version can be changed in the future, but it will be accompanied by a minor version bump.
- MSRV is considered exempt from SemVer as noted above
- The
cargo lock
CLI interface is not considered to have a stable interface and is also exempted from SemVer. We reserve the right to make substantial changes to it at any time (for now) - The
dependency-tree
feature depends on the pre-1.0petgraph
crate. We reserve the right to updatepetgraph
, however when we do it will be accompanied by a minor version bump.
This crate provides a cargo lock
subcommand which can be installed with:
cargo install cargo-lock --features=cli
It supports the following subcommands:
list
: list packages inCargo.lock
translate
: translateCargo.lock
files between the V1 and V2 formatstree
: print a dependency tree fromCargo.lock
alone
See the crate documentation for more detailed usage information.
Licensed under either of:
- Apache License, Version 2.0 (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.