Check for unwanted wildcard dependencies recursively

I have a library and want to make sure that none of the dependencies in my dependency tree use wildcard dependencies. Wildcard dependencies are evil :(

Can I check this recursively with cargo on the command line? Or can I check it manually in Cargo.lock?

EDIT: while crates.io rejects crates with wildcard dependencies since the release of Rust 1.6 (roughly, thanks to Steve Klabnik), there are still old crates on crates.io that have wildcard dependencies. I can upload my own crate, which depends on such an old crate. Therefore, my crate indirectly also depends on wildcard dependencies. This is what I want to avoid and test.

+5
2 answers

I wrote a small script that takes crates.io-index and reads the current information for all packages. If the package is directly dependent on another package, a line is printed in the format crate-name -> wildcard-dependency, another-one.

There are 995 current packages with wildcard dependencies. The list is exhaustive and will be reduced only if packages are updated.

You can manually go through all the dependencies in your Cargo.lock and check if they are listed. Note that you should use the latest version of your dependencies to make sure you are not dependent on an obsolete package with wildcard dependencies.

+2
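The check described in the answer above, sketched as an added example (not the answerer's script): it cross-references the (name, version) pairs pinned in Cargo.lock against crates.io-index entries and reports locked packages that declare a "*" requirement. The sample index lines and lock file are constructed, and skipping dev-dependencies by default is an assumption made here because they are not built for downstream users.

```python
import json
import re

# Constructed sample: crates.io-index entries (one JSON object per line, one per version).
INDEX_LINES = """\
{"name":"old-util","vers":"0.1.0","deps":[{"name":"libc","req":"*","kind":"normal"}]}
{"name":"old-util","vers":"0.2.0","deps":[{"name":"libc","req":"^0.2","kind":"normal"}]}
{"name":"helper","vers":"1.0.0","deps":[{"name":"old-util","req":"^0.1","kind":"normal"},{"name":"rand","req":"*","kind":"dev"}]}
"""

# Constructed sample Cargo.lock for a library that pulls in old-util 0.1.0.
CARGO_LOCK = """\
[[package]]
name = "helper"
version = "1.0.0"

[[package]]
name = "my-lib"
version = "0.3.0"

[[package]]
name = "old-util"
version = "0.1.0"
"""

def locked_packages(lock_text):
    """Return the set of (name, version) pairs from the [[package]] tables."""
    return set(re.findall(r'\[\[package\]\]\s*name = "([^"]+)"\s*version = "([^"]+)"', lock_text))

def wildcard_deps(index_lines, include_dev=False):
    """Map (crate, version) -> sorted names of dependencies required as "*"."""
    found = {}
    for line in filter(None, map(str.strip, index_lines.splitlines())):
        entry = json.loads(line)
        names = sorted(d["name"] for d in entry["deps"]
                       if d["req"].strip() == "*" and (include_dev or d.get("kind") != "dev"))
        if names:
            found[(entry["name"], entry["vers"])] = names
    return found

def audit(lock_text, index_lines, include_dev=False):
    """List 'crate version -> dep, dep' for locked packages with wildcard requirements."""
    wild = wildcard_deps(index_lines, include_dev)
    return [f"{n} {v} -> {', '.join(wild[(n, v)])}"
            for n, v in sorted(locked_packages(lock_text)) if (n, v) in wild]

if __name__ == "__main__":
    print("\n".join(audit(CARGO_LOCK, INDEX_LINES)))
```

Because the lookup is keyed on the exact locked version, old-util 0.2.0 (which fixed its requirement) would not be flagged, while the pinned 0.1.0 is.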

As of a few months ago, Cargo no longer supports wildcard dependencies. Therefore, you do not need to do this yourself.

This is the crates.io function, not the Rust or Cargo function, so it is not associated with any particular version of these tools. The update happened around the time we released Rust 1.6.

+3

Source: https://habr.com/ru/post/1245485/

