Skip to content

❌ Cargo plugin for linting your dependencies πŸ¦€

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
Notifications You must be signed in to change notification settings

FoxAndDuckSoftware/cargo-deny

Β 
Β 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

❌ cargo-deny

Cargo plugin for linting your dependencies

Embark Opensource Embark Discord Crates.io API Docs Docs Minimum Stable Rust Version SPDX Version dependency status Build Status

See the book πŸ“• for in-depth documentation.

To run on CI as a GitHub Action, see cargo-deny-action.

Please Note: This is a tool that we use (and like!) and it makes sense to us to release it as open source. However, we can’t take any responsibility for your use of the tool, if it will function correctly or fulfil your needs. No functionality in - or information provided by - cargo-deny constitutes legal advice.

cargo install --locked cargo-deny && cargo deny init && cargo deny check

Usage

Install cargo-deny

If you want to use cargo-deny without having cargo installed, build cargo-deny with the standalone feature. This can be useful in Docker Images.

cargo install --locked cargo-deny

# Or, if you're an Arch user
pacman -S cargo-deny

Initialize your project

cargo deny init

Check your crates

cargo deny check

The licenses check is used to verify that every crate you use has license terms you find acceptable.

cargo deny check licenses

licenses output

The bans check is used to deny (or allow) specific crates, as well as detect and handle multiple versions of the same crate.

cargo deny check bans

bans output

The advisories check is used to detect issues for crates by looking in an advisory database.

cargo deny check advisories

advisories output

The sources check ensures crates only come from sources you trust.

cargo deny check sources

sources output

Pre-commit hook

You can use cargo-deny with pre-commit. Add it to your local .pre-commit-config.yaml as follows:

- repo: https://github.com/EmbarkStudios/cargo-deny
  rev: 0.14.11 # choose your preferred tag
  hooks:
    - id: cargo-deny
    - args: ["--all-features", "check"] # optionally modify the arguments for cargo-deny (default arguments shown here)

Contributing

Contributor Covenant

We welcome community contributions to this project.

Please read our Contributor Guide for more information on how to get started.

License

Licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

About

❌ Cargo plugin for linting your dependencies πŸ¦€

Resources

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT

Code of conduct

Security policy

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Rust 100.0%