📜 cargo-about

Cargo plugin for generating a listing of all of the crates used by a root crate, and the terms under which they are licensed

📜 cargo-about

Cargo plugin for generating a license listing for all dependencies of a crate

See the book 📕 for in-depth documentation.

Please Note: This is a tool that we use (and like!) and it makes sense to us to release it as open source. However, we can’t take any responsibility for your use of the tool, if it will function correctly or fulfil your needs. No functionality in - or information provided by - cargo-about constitutes legal advice.

Getting started

Installing

From crates.io

From the AUR

Arch Linux users can install cargo-about from the AUR using an AUR helper. For example,

Generate license information for your own project

Contributing

We welcome community contributions to this project.

Please read our Contributor Guide for more information on how to get started.

License

Licensed under either of

  • Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
  • MIT license (LICENSE-MIT or <#404>)

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Issues

Collection of the latest Issues

Jake-Shadle

Jake-Shadle

bug
0

As seen in #193, you can create a clarification but not supply files or git to use as the source of truth, which means the clarification isn't used and the fallback of concatenating all discovered licenses is used, which is confusing. At least one of them is required.

MaulingMonkey

MaulingMonkey

enhancement
0

Is your feature request related to a problem? Please describe. It appears cargo-about will silently fail to generate license text for [[DEPPENDENCY.additional]] tags which only specify license-file and not license. This might occur if:

  • The license file is outside of the crate (e.g. using a relative path like ../../LICENSE-MIT, like I was trying to)
  • The license filename or path is typoed (e.g. LICENSE-MOT)
  • The license file was moved without updating about.toml (e.g. from LICENSE-MIT to LICENSE-MIT.md)

Describe the solution you'd like Some kind of error, warning, or other diagnostic if a license-file isn't resolved.

Describe alternatives you've considered My own needs for this feature are mooted by "Add a --workspace flag " https://github.com/EmbarkStudios/cargo-about/issues/151 , but I imagine others will accidentally omit licenses trying to use this feature.

Luminoth

Luminoth

enhancement
1

Is your feature request related to a problem? Please describe.

Not exactly a problem, but our use case is generally "gather license information and put it in a spreadsheet" so this would be solving a problem for us for sure.

Describe the solution you'd like

It'd be super rad if there was an option to output CSV format instead of HTML.

Describe alternatives you've considered

We've used cargo-license for this in the past, but it would be nice to have it all in one tool and cargo-about / cargo-deny are really the direction we'd like to stick with given their feature set outside of this.

WildCryptoFox

WildCryptoFox

enhancement
0

cargo about generate stops looking for licenses after it finds a license which was not accepted. This is especially annoying when working with many files as the current iteration approach is really quite slow.

For comparison. ripgrep even with --no-ignore flies through all my files almost immediately. It would be worth taking a few pages out of rg's book.

Edit: cargo license does not do the deep analysis to find licenses but is immediate to give feedback.

Versions

Find the latest versions by id

0.5.1 - Apr 05, 2022

Added

Changed

0.5.0 - Mar 04, 2022

Changed

  • PR#187 closed #185 by making it so that all crates marked as publish = false will be ignored, rather than the previous behavior of only ignore workspace members. Please file an issue if this behavior is not acceptable. Thanks @danielnelson!

0.4.8 - Mar 02, 2022

Fixed

  • PR#184 fixed #183 to correct an issue where licenses were misattributed to crates if 1 or more crates was marked as publish = false and private crates were ignored in the config. Thanks @danielnelson!

0.4.7 - Feb 09, 2022

Fixed

  • PR#182 fixed #181 by adding version, author, and about metadata to the CLI output, as structopt by default added that, but clap v3 does not.

0.4.6 - Feb 07, 2022

Fixed

  • PR#180 fixed #179 by setting the MSRV to 1.56.1 and adding a CI check for it.

0.4.5 - Feb 04, 2022

Changed

  • PR#178 updated dependencies.

0.4.4 - Dec 23, 2021

Fixed

  • PR#177 updated the structure for the .cargo_vcs_info.json file since it now contains the path in the repo of the crate.

Changed

0.4.3 - Nov 22, 2021

Fixed

  • PR#176 fixed #175 by updating askalono which was causing cargo install failures due to cargo install's default behavior of not using the Cargo.lock file. This got rid of the failure dependency as well, which was pulling in a lot of additional crates that are now gone.

0.4.2 - Nov 21, 2021

Changed

0.4.1 - Nov 01, 2021

Added

  • PR#172 resolved #171 by adding support for ignoring private workspace crates.

0.4.0 - Oct 28, 2021

Added

  • PR#168 added the ability to retrieve harvested license data from clearlydefined.io, which generally has superior machine harvested data to the old of approach of relying completely on askalono and local file scanning. This gathering is enabled by default, but can be turned off with the no-clearly-defined option in the config.
  • PR#168 added the concept of clarifications, which are essentially user specified overrides for the license for a crate, using 1 or more sources of truth to ensure there is no drift between the clarification and the crate license over time.
  • PR#168 added built-in workarounds, which are just opt-in clarifications that are built-in to cargo-about itself so that users of cargo-about don't have to repeat the same clarification process for various popular crates in the ecosystem.
  • PR#168 added the clarify subcommand, which can be used to help you clarify particular crates.
  • PR#168 added support for accepted licenses on a per-crate basis in addition to the global accepted licenses.
  • PR#169 added an mdbook at https://embarkstudios.github.io/cargo-about/ to give improved documentation over the previous README.md only approach.

Changed

Removed

  • PR#169 removed the additional and ignore crate configuration in favor of clarifications and/or the better harvested content from clearlydefined.io.

0.3.0 - Mar 17, 2021

Added

Changed

  • PR#157 returned to mimalloc from rpmalloc to address #137. The original issue with mimalloc relying on cmake was fixed. Thanks @badboy!
  • Crates which use the same license are also now sorted lexicographically.
  • Updated dependencies, namely krates.

0.2.3 - Nov 11, 2020

Changed

  • Updated dependencies.

0.2.2 - May 07, 2020

Changed

  • PR#84 switched from mimalloc to rpmalloc to avoid usage of cmake which broke musl builds.

0.2.0 - Jan 24, 2020

Added

  • cfg() dependendent crates can now be ignored by specifying only the targets = [] you actually build for
  • build and dev dependencies can now be optionally ignored

Fixed

  • The used_by list of crates that use a particular license are now always sorted lexicographically

0.1.1 - Dec 12, 2019

Fixed

  • #20 Fewer files are now scanned for license information
  • #21 Pipes in the file system are now ignored on unix systems
  • #23 Fixes searching for the about.toml configuration file

0.1.0 - Dec 06, 2019

0.0.1 - Nov 07, 2019

Information - Updated May 25, 2022

Stars: 253
Forks: 16
Issues: 6

This is an example of a Rust server that functions as a remote schema for...

Rust + Hasura Rust server that functions as a Hasura

This is an example of a Rust server that functions as a remote schema for...

Newport Engine is a modular 2D and 3D game engine built in Rust for Rust

It is designed to be easily extendable and easy to use

Newport Engine is a modular 2D and 3D game engine built in Rust for Rust

Newport Engine is a modular 2D and 3D game engine built in Rust for Rust

It is designed to be easily extendable and easy to use

Newport Engine is a modular 2D and 3D game engine built in Rust for Rust

liboqs-rust: Rust bindings for liboqs

Qyantum Safe liboqs rust bindings

liboqs-rust: Rust bindings for liboqs

msgflo-rust: Rust participant support for MsgFlo

Flowhub visual programming IDE

msgflo-rust: Rust participant support for MsgFlo

Trojan-rust is a rust implementation for Trojan protocol that is targeted to circumvent GFW

Trojan protocol that is targeted to circumvent tokio-rs to achieve high performance async io

Trojan-rust is a rust implementation for Trojan protocol that is targeted to circumvent GFW
Actix

1.0K

How to be a full stack Rust Developer

Read Rust the Rust blog posts at Steadylearner

How to be a full stack Rust Developer

Rust library translation (rust-src/rust-std/stdlib/rustlib translation)

This is the place to translate Having a documentation in your native language is essential if you don't speak English, and still enjoyable even if...

Rust library translation (rust-src/rust-std/stdlib/rustlib translation)

False Positive for rust-lang/rust#83583

The deprecation lint proc_macro_derive_resolution_fallback is intended to catch proc macro generated code that refers to items from parent modules that should not be in scope:

False Positive for rust-lang/rust#83583

A CHIP-8 &amp; SuperChip interpreter written in Rust using rust-sdl2

If you're getting compile errors it may be because

A CHIP-8 &amp; SuperChip interpreter written in Rust using rust-sdl2

Rust-Svelte-on-Rust

Starter template for Rocket backend server

Rust-Svelte-on-Rust
Facebook Instagram Twitter GitHub Dribbble
Privacy