Dependency Management

RecipeCrates
Edit Cargo.tomlcargo-edit
Detect Dependencies that are Out of Datecargo-outdated
Find Unused Dependenciescargo-udepscargo-machete
deps.rsdeps.rs
Rust Diggerrust-digger.code-maven.com

Rust's dependency management is handled by Cargo, its built-in package manager.

  • Cargo.toml, located at the root of a Rust project, is the manifest file that defines the project's metadata and dependencies. The [dependencies] section within Cargo.toml is where you specify the external crates (libraries) your project relies on.
  • Cargo.lock records the exact versions of all dependencies used in a project. It ensures that builds are reproducible, even if new versions of dependencies are released.
  • Cargo automates the process of downloading from crates.io, building, and linking dependencies. It resolves dependency versions, ensuring compatibility and preventing conflicts.

See the Cargo and Development Tools: Cargo Plugins chapters.

Edit Cargo.toml

cargo-edit cargo-edit-crates.io cargo-edit-github cargo-edit-lib.rs cat-development-tools cat-development-tools::cargo-plugins

cargo edit provides commands for modifying a Cargo.toml file. It allows you to add, remove, and upgrade dependencies by modifying your Cargo.toml file from the command line.

Currently available subcommands:

  • cargo upgrade.
  • cargo set-version.

Find Unused Dependencies

cargo udeps

cargo-udeps cargo-udeps-crates.io cargo-udeps-github cargo-udeps-lib.rs cat-development-tools cat-development-tools::cargo-plugins

udeps⮳ find unused dependencies in Cargo.toml .

While compilation of this tool also works on Rust stable, it needs Rust nightly to actually run.

cargo machete

cargo-machete cargo-machete-crates.io cargo-machete-github cargo-machete-lib.rs

cargo-machete⮳ is a cargo tool that detects unused dependencies in Rust projects, in a fast (yet imprecise) way.

Install and run with:

cargo install cargo-machete
cargo machete

Detect Dependencies that are Out of Date

cargo-outdated cargo-outdated-crates.io cargo-outdated-github cargo-outdated-lib.rs

cargo-outdated is a cargo subcommand for displaying when dependencies are out of date.

If you are using VS Code, also look into the Dependi VS Code plugin.

deps.rs

deps.rs(github)

The deps.rs⮳ website uses semantic versioning to detect outdated or insecure dependencies in your project's Cargo.toml.

Rust Digger

rust-digger.code-maven.com⮳ collects data about Rust Crates⮳ to find the common practices of Open Source Rust developers and trying to improve the Rust ecosystem.

Related Topics

  • Cargo.
  • Development Tools.
  • Versioning.