-
Notifications
You must be signed in to change notification settings - Fork 0
reference dependencies
Douwe de Vries edited this page Jul 1, 2026
·
1 revision
CSV Anonymizer uses a Rust workspace for core and desktop code, plus a React/Vite frontend. Dependency freshness and audit follow-ups are tracked in docs/dependency-audit-followups.md.
Active contributors: Douwe de Vries
As of the 2026-07-01 dependency review:
- Rust lockfile dependency count: 531.
-
cargo audit --jsonvulnerabilities: 0. - Informational RustSec warnings: 17 unmaintained packages and 1 unsound package.
- Workspace dependency declarations in
Cargo.toml: 27. - Frontend runtime dependencies in
frontend/package.json: 4. - Frontend development dependencies in
frontend/package.json: 21.
See Dependency freshness for warning paths and upgrade backlog.
Root workspace dependency versions are declared in Cargo.toml.
| Layer | Dependencies | Purpose |
|---|---|---|
| CSV and serialization |
csv, serde, serde_json
|
CSV reading/writing and wire DTO serialization |
| Time, randomness, hashing support |
chrono, rand
|
Timestamps and generated replacement values |
| Validation and detection |
regex, email_address, url, phonenumber, iban_validate, card-validate, vat_id_validator, ssn, ein
|
Structured PII validators and detector support |
| Multilingual header detection |
unicode-normalization, unicode-segmentation, strsim
|
Unicode-safe terms, word segmentation, and conservative fuzzy matching |
| Direct input parsing |
quick-xml, yaml_serde
|
XML and YAML pasted-data workflows |
| Error handling | thiserror |
Rust error types |
| Desktop shell |
tauri, tauri-build, tauri-plugin-dialog, directories, open
|
Tauri runtime, file dialogs, settings paths, and opening output locations |
| Local AI HTTP | reqwest |
Ollama status checks, generation calls, and model download streaming |
| Tests and benchmarks |
tempfile, criterion
|
Temporary files and Criterion benchmarks |
| Crate | Manifest | Dependency role |
|---|---|---|
| Core | crates/csv-anonymizer-core/Cargo.toml |
Depends on detector, parser, validator, serde, random, Unicode, XML/YAML, and error libraries |
| CLI harness | crates/csv-anonymizer-app/Cargo.toml |
Uses the core crate for smoke and command-line flows |
| Tauri shell | src-tauri/Cargo.toml |
Uses the core crate plus Tauri, dialog, settings, open, reqwest, and serde dependencies |
frontend/package.json runtime dependencies:
| Dependency | Purpose |
|---|---|
react |
UI rendering |
react-dom |
DOM rendering |
@tauri-apps/api |
Tauri app and invoke APIs |
lucide-react |
Icons |
Development dependencies include:
- Vite and React plugin:
vite,@vitejs/plugin-react - TypeScript and Node/React types:
typescript,@types/node,@types/react,@types/react-dom - Tests:
vitest,jsdom,@testing-library/react,@testing-library/jest-dom,@testing-library/user-event - Browser and accessibility checks:
@playwright/test,@axe-core/playwright - Linting:
eslint,@eslint/js,typescript-eslint,eslint-plugin-react-hooks,eslint-plugin-react-refresh,globals - Dead code and build helpers:
knip,esbuild
Some required tools are installed by CI or expected locally:
- Rust stable toolchain through
dtolnay/rust-toolchainin CI. -
cargo-auditfor RustSec checks. -
cargo-machetefor unused Rust dependency scans. - Playwright Chromium for e2e and accessibility tests.
- Linux packaging tools such as
pkg-config,libwebkit2gtk-4.1-dev,rpm,rpm2cpio,libarchive-tools,desktop-file-utils,appstream,zstd, andgnupg. - GPG commands for APT repository and installer checks.
- Python 3 for Linux package metadata validation and APT repository generation.
Keep dependency upgrades focused:
- Tauri 2 patch updates should move together with
TAURI_CLI_VERSIONin.github/workflows/ci.ymland.github/workflows/release.yml. -
quick-xml,reqwest, andrandfuture major/API upgrades should be separate PRs with targeted tests. - The Node engine floor remains
>=22.13.0even though CI currently pins Node 26, so do not rely on Node 26-only runtime APIs unless the engine floor changes.
Related pages: Dependency freshness, Tooling, and Configuration.