A cargo subcommand for reviewing the source code of crates.io dependencies.
cargo install cargo-review-deps
To see what exactly changes if you run
$ cargo review-deps update-diff -- --package foo
This will run (without actually updating the lockfile)
cargo update --package foo
diff --color -r of all added/removed/updated dependencies.
If you want to use a custom diff tool or need to do a more thorough
--destination option to checkout sources of dependencies
To quickly see the diff -r of two package versions, use
$ cargo review-deps diff rand:0.6.0 rand:0.6.1
update-diff, you can use
--destination option for customized
$ cargo review-deps diff rand:0.6.0 rand:0.6.1 --destination diff
diff/rand:0.6.1 directories would
contain the sources of the respective versions.
cargo-review-deps does not rely on version control information: it
uses exactly the version of the source code that will be used by Cargo to build
To see the sources of all transitive dependencies, use
$ cargo review-deps current --destination dir/to/dump/sources/to
This will download sources of all of the dependencies to the specified directory.
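One way to use sources checked out with the --destination option as input to a custom review step, as an added example that is not part of cargo-review-deps: the script compares two source trees and flags the changed files that most deserve a manual read. The function names and the patterns searched for are assumptions chosen for illustration, and the two directories are passed explicitly.

```sh
#!/bin/sh
# Added example, not part of cargo-review-deps. Triage two source trees, such
# as two version directories written via the --destination option:
#   sh triage.sh <old-version-dir> <new-version-dir>
# The patterns are a heuristic to direct manual review, not a verdict.

# Print "A <path>" for files only in $2 and "M <path>" for files that differ.
# Files that exist only in $1 (deletions) are not reported.
changed_files() {
    old=$1 new=$2
    (cd "$new" && find . -type f | LC_ALL=C sort) | while IFS= read -r f; do
        f=${f#./}
        if [ ! -f "$old/$f" ]; then
            echo "A $f"
        elif ! cmp -s "$old/$f" "$new/$f"; then
            echo "M $f"
        fi
    done
}

# Count lines of file $2 containing fixed string $1 (0 if the file is absent).
count() {
    if [ -f "$2" ]; then grep -cF -- "$1" "$2" || true; else echo 0; fi
}

# Flag added/modified files that deserve a close read:
#  - build.rs, which Cargo compiles and runs at build time
#  - Rust sources where `unsafe` or process spawning became more frequent
review_hotspots() {
    old=$1 new=$2
    changed_files "$old" "$new" | while IFS=' ' read -r status f; do
        case $f in
            build.rs|*/build.rs) echo "BUILD-SCRIPT $status $f" ;;
        esac
        case $f in *.rs) ;; *) continue ;; esac
        for pat in 'unsafe' 'std::process::Command'; do
            before=$(count "$pat" "$old/$f")
            after=$(count "$pat" "$new/$f")
            if [ "$after" -gt "$before" ]; then
                echo "MORE($pat) $before->$after $f"
            fi
        done
    done
}

# Run only when two directories are given on the command line.
if [ "$#" -eq 2 ]; then review_hotspots "$1" "$2"; fi
```

A line such as `MORE(unsafe) 0->1 src/lib.rs` means the new version has more lines mentioning `unsafe` than the old one, so that file is a good place to start reading the full diff.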
cargo-audit checks your project for dependencies with security vulnerabilities reported to the RustSec Advisory Database.
MIT OR Apache-2.0