Report when multiple versions of a crate are in the dependency tree

[briansmith]

It is common to see, for example, Cargo.lock reference two or three versions of env_logger, log, ordermap, rand, etc. The consequence of having multiple versions of crates in the dependency tree is:

• Each version needs to be downloaded, which slows the total from-scratch build time.
• Usually each version needs to be built, which increases build time.
• Often code from each version gets linked into the executable, which increases the final executable size.

In one relatively small project, I found that 10 different libraries were duplicated in our Cargo.lock. (It's too early to report the before/after size difference or built time in the project, since I'm still in the process of fixing this.)

This is the command line I use to find duplicates:

cat Cargo.lock | grep "^ \"" | cut -d " " -f 2,3 | sort | uniq | cut -d " " -f 1 | uniq -c | grep -v " 1"

[briansmith]

More related to the core functionality of cargo-bloat, it would be useful to show the total size contribution to the final executable of each version of a library.

[RazrFalcon]

1. You can use cargo tree --duplicates for this.
2. I don't have information about crate version. So I can't implement this.