Dependency Management

Rust's dependency management is handled by Cargo⮳, its built-in package manager.

• Cargo.toml, located at the root of a Rust project, is the manifest file that defines the project's metadata and dependencies. The [dependencies] section within Cargo.toml is where you specify the external crates (libraries) your project relies on.
• Cargo.lock records the exact versions of all dependencies used in a project. It ensures that builds are reproducible, even if new versions of dependencies are released.
• Cargo automates the process of downloading from crates.io, building, and linking dependencies. It resolves dependency versions, ensuring compatibility and preventing conflicts.

See the Cargo and Development Tools: Cargo Plugins chapters.

Edit Cargo.toml

cargo edit provides commands for modifying a Cargo.toml⮳ file. It allows you to add, remove, and upgrade dependencies by modifying your Cargo.toml⮳ file from the command line.

Currently available subcommands:

• cargo upgrade.
• cargo set-version.

Find Unused Dependencies

cargo udeps

udeps⮳ find unused dependencies in Cargo.toml⮳ .

While compilation of this tool also works on Rust stable, it needs Rust nightly to actually run.

cargo machete

cargo-machete⮳ is a cargo⮳ tool that detects unused dependencies in Rust projects, in a fast (yet imprecise) way.

Install and run with:

cargo install cargo-machete
cargo machete

Detect Dependencies that are Out of Date

cargo-outdated⮳ is a cargo⮳ subcommand for displaying when dependencies are out of date.

If you are using VS Code, also look into the Dependi VS Code plugin.

deps.rs

deps.rs⮳ (github)⮳

The deps.rs⮳ website uses semantic versioning to detect outdated or insecure dependencies in your project's Cargo.toml⮳.

Rust Digger

rust-digger.code-maven.com⮳ collects data about Rust Crates⮳ to find the common practices of Open Source Rust developers and trying to improve the Rust ecosystem.

Related Topics

• Cargo.
• Development Tools.
• Versioning.