est31/cargo-udeps

Find unused dependencies in Cargo

While compilation of this tool also works on Rust stable,

cargo-udeps

Find unused dependencies in Cargo.toml.

While compilation of this tool also works on Rust stable, it needs Rust nightly to actually run.

Installation

GitHub Releases

https://github.com/est31/cargo-udeps/releases

cargo install (crates.io)

cargo install (master)

Dedicated packages

Some GNU/Linux distros have packaged cargo-udeps:

  • Nix/Nix OS: cargo-udeps
  • Arch Linux: pacman -S cargo-udeps

Usage

It either prints out a "unused crates" line listing the crates, or it prints out a line saying that no crates were unused.

Ignoring some of the dependencies

To ignore some of the dependencies, add package.metadata.cargo-udeps.ignore to Cargo.toml.

Known bugs

  • Some unused crates might not be detected. This includes crates used by std and its dependencies as well as crates that are already being used by dependencies of the studied crate.

  • Crates are currently only handled on a per name basis. Two crates with the same name but different versions would be a problem.

Trophy case

This is a list of cases where unused dependencies were found using cargo-udeps. You are welcome to expand it:

  • https://github.com/nushell/nushell/pull/519
  • https://github.com/servo/pathfinder/pull/236
  • https://github.com/oconnor663/shared_child.rs/commit/5929637f5cf1bebc5d608b4d98fd5c8a10626712
  • https://github.com/oconnor663/bao/commit/d216ee7c04e3587925dee68cce0b2a1ba44bc1d2
  • https://github.com/dabreegster/abstreet/commit/03b685673bebbc95e2bcbd7c85358547bcffe8c3
  • https://github.com/rust-lang/crater/pull/446
  • https://github.com/kodegenix/kg-tree/commit/0270ec495887cf0ff7580155db4ff12664614ee8
  • https://github.com/opereon/opereon/commit/4d29cf174c0b178c1484f698ceb0e654f95a78d0
  • https://github.com/djg/audioipc-2/commit/de0fc58cf1e87079027fce06b50eeffa6ae23d54
  • https://github.com/casey/just/pull/587
  • https://github.com/Garvys/rustfst/pull/76
  • https://github.com/yewstack/yew_router/pull/252
  • https://github.com/rust-bitcoin/rust-bitcoincore-rpc/pull/169
  • https://github.com/hendrikmaus/helm-templexer/pull/85

License

This tool is distributed under the terms of both the MIT license and the Apache License (Version 2.0), at your option.

See LICENSE for details.

License of your contributions

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Issues

Collection of the latest Issues

chitoyuu

chitoyuu

bug
Comment Icon0

I have a workspace that contains a crate with no dependencies, which is depended on by a few other crates in the same workspace. Running cargo udeps in the workspace sometimes results in the following error:

As an workaround, adding an arbitrary dependency to the problematic crate temporarily resolves the problem, until it's removed. Running cargo clean before cargo udeps does not seem to have any effects.

cargo-udeps is compiled from commit dece8b2. The crates are in edition 2021. I haven't been able to reproduce the problem with a fresh workspace, unfortunately.

jvimal-eg

jvimal-eg

bug
Comment Icon7

I am trying to run udeps on a workspace with many crates, and I see this error below:

The build.rs file line 2 where the stack trace points to doesn't have anything. I think it's probably a function call injected into the build script by cargo that's looking for project metadata?

I can't --exclude this crate because it's a common dependency across other crates in the workspace.

Any thoughts on what could be the issue?

ralpha

ralpha

bug
Comment Icon0

We use iso639-1 in our tool. But this is flagged as unused. This is most likely because of the - in the crate name. The actual use is iso639_1::something()

So the - is replaced with a _ in the code. If this is a common problem maybe there can a special case for all the crates that have a - in there name.

For now I just added it to the ignore list:

Veetaha

Veetaha

enhancement
Comment Icon6

Would there be an interest to roll out a GitHub action for cargo-udeps so that adding this one to CI runs would be just a one-liner? There is an awesome template by embark guys with their cargo-deny sanitizer we could use as a reference, which is nothing more than a Dockerfile and 3-4 lines of bash at it's core (link) There is also an opened issue to think about somehow merging deny and udeps both together, but this is yet another topic :D

The action will probably reside in a separate repo (since it involves tagging versions of the action and this may interfere with cargo-udeps cli releases).

sezna

sezna

bug
Comment Icon5

I am not really sure what is causing this so I'm going to provide as much detail as I can. I'm using cargo-udeps in a workspace with ~15 crates on 1.44 nightly. The workspace contains 3 proc macro crates. All three of those proc macro crates fail to compile in cargo-udeps, but not with a regular cargo build, with this error:

So, it seems that perhaps the quote dependency inside of the proc macros in the workspace is triggering it?

Anyway, if I can provide any more detail, please let me know. This tool is great and I am torn by temporarily not being able to use it. :smile:

Sherlock-Holo

Sherlock-Holo

enhancement
Comment Icon3

I use libc in unit test and doc example, but not use in codes. When I let libc under [dependencies], udeps doesn't realize it is unnecessary.

Could you make udeps distinguish dependency between normal dependency and dev-dependency so we can write [dependencies] more precisely.

nmattia

nmattia

Comment Icon3

I believe this is the case. In particular I have a crate with a doctest that uses serde_json:

/// use serde_json; /// ... (use serde_json here)

my_crate v0.1.0 (/path/to/my_crate)` └─── (dev-)dependencies └─── "serde_json"


However `cargo test` (correctly) fails if I remove the crate.

(note: I'm running cargo udeps --all-targets).

therealprof

therealprof

bug
Comment Icon2

The goal of the project is very laudable but I have the feeling it's falling a bit short by having one of the longest depedencies sets of all projects I've worked with (including really big ones) with 172 crates...

est31

est31

Comment Icon0

The current approach is to compile the entire crate and use save-analysis. While this is very good at mimicing the actual build, it also is very time consuming, requires nightly, and compiles all dependencies of the crate. Also, it can't really be run on completely untrusted code.

An alternative approach would be to parse the Rust code with syn, following all mod statements. Then one can scan for all top level-path items and check their names.

Versions

Find the latest versions by id

v0.1.25 - Dec 10, 2021

v0.1.24 - Oct 22, 2021

v0.1.23 - Sep 15, 2021

v0.1.22 - Jun 17, 2021

v0.1.21 - May 07, 2021

v0.1.20 - Mar 26, 2021

v0.1.19 - Mar 09, 2021

v0.1.18 - Feb 12, 2021

v0.1.17 - Jan 24, 2021

v0.1.16 - Nov 20, 2020

v0.1.15 - Oct 10, 2020

v0.1.14 - Aug 28, 2020

v0.1.13 - Jul 19, 2020

v0.1.12 - Jun 05, 2020

v0.1.11 - Apr 23, 2020

v0.1.10 - Mar 14, 2020

v0.1.9 - Mar 12, 2020

v0.1.8 - Feb 29, 2020

v0.1.7 - Jan 31, 2020

v0.1.6 - Dec 01, 2019

Information - Updated Dec 15, 2021

Stars: 643
Forks: 20
Issues: 17

Repositories & Extras

serde-json for no_std programs

MIT license (LICENSE-MIT or

serde-json for no_std programs

macOS/iOS Security framework for Rust

MIT license (LICENSE-MIT or

macOS/iOS Security framework for Rust

OpenGliderNetwork client for Rust based on actix

MIT license (LICENSE-MIT or

OpenGliderNetwork client for Rust based on actix

📜 cargo-about

Cargo plugin for generating a listing of all of the crates used by a root crate, and the terms under which they are licensed

📜 cargo-about

A video game for programmers set in space

MIT license (LICENSE-MIT or

A video game for programmers set in space

TODO_README_DESCRIPTION

(LICENSE-MIT or Semantic Versioning 2

TODO_README_DESCRIPTION

Sqllogictest is a testing framework to verify the correctness of an SQL database

(LICENSE-MIT or Developer Certificate of Origin

Sqllogictest is a testing framework to verify the correctness of an SQL database

apply-license is a simple command-line tool that strives to make applying

open-source licenses to your software as easy and automated as possible

apply-license is a simple command-line tool that strives to make applying

Guerrilla (or Monkey) Patching in Rust for (unsafe) fun and profit

(LICENSE-MIT or monkey-patching-in-go

Guerrilla (or Monkey) Patching in Rust for (unsafe) fun and profit
Facebook Instagram Twitter GitHub Dribbble
Privacy