Verify that registry crates in your Cargo.lock are reproducible from the git repository

M4SS-Code/cargo-goggles

cargo-goggles

Verify that registry crates in your Cargo.lock are reproducible from the git repository.

This cargo subcommand analyzes the following properties for crates in your Cargo.lock:

  1. Cargo.toml contains a repository field pointing at a valid git repository
  2. For each of the releases you are using, a valid git tag is present on the release commit
  3. The tagged commit matches the value in .cargo_vcs_info.json, if present
  4. The contents of the crates.io release are reproducible from the files inside the repo
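Checks 3 and 4 from the list above, as an added sketch that is not cargo-goggles' own code. It assumes the crate archive and the tagged git tree have already been read into memory with paths relative to the crate root; the function names, the GENERATED skip list and the sample data are assumptions of this example.

```rust
// Added illustration, not cargo-goggles source. Std only; all inputs are in memory.
use std::collections::BTreeMap;

#[derive(Debug, PartialEq)]
pub enum CommitCheck { Match, Mismatch { recorded: String }, NoVcsInfo, Malformed }

/// Extract git.sha1 from .cargo_vcs_info.json text. Minimal scan rather than a
/// JSON parser; anything that is not a 40-digit hex string is rejected.
fn recorded_sha1(json: &str) -> Option<String> {
    let rest = &json[json.find("\"sha1\"")? + 6..];
    let rest = rest.trim_start().strip_prefix(':')?.trim_start().strip_prefix('"')?;
    let sha = &rest[..rest.find('"')?];
    let ok = sha.len() == 40 && sha.bytes().all(|b| b.is_ascii_hexdigit());
    ok.then(|| sha.to_ascii_lowercase())
}

/// Check 3: the tagged commit must equal the recorded commit, if the file is present.
pub fn check_commit(vcs_info: Option<&str>, tag_commit: &str) -> CommitCheck {
    match vcs_info.map(recorded_sha1) {
        None => CommitCheck::NoVcsInfo,
        Some(None) => CommitCheck::Malformed,
        Some(Some(sha)) if sha.eq_ignore_ascii_case(tag_commit) => CommitCheck::Match,
        Some(Some(sha)) => CommitCheck::Mismatch { recorded: sha },
    }
}

/// Files cargo writes or rewrites when packaging, so they cannot match the repo
/// byte for byte. Skipping them is this example's assumption.
const GENERATED: [&str; 3] = [".cargo_vcs_info.json", "Cargo.toml", "Cargo.toml.orig"];

/// Check 4: every other packaged file must exist in the tagged tree with identical bytes.
pub fn unreproducible(krate: &BTreeMap<&str, &[u8]>, repo: &BTreeMap<&str, &[u8]>) -> Vec<String> {
    krate.iter()
        .filter(|(path, _)| !GENERATED.contains(*path))
        .filter(|(path, bytes)| repo.get(*path) != Some(*bytes))
        .map(|(path, _)| path.to_string())
        .collect()
}

fn main() {
    // Constructed sample data, not taken from any real crate.
    let info = r#"{"git": {"sha1": "0123456789abcdef0123456789abcdef01234567"}, "path_in_vcs": ""}"#;
    println!("{:?}", check_commit(Some(info), "0123456789abcdef0123456789abcdef01234567"));
    let repo: BTreeMap<&str, &[u8]> = BTreeMap::from([("src/lib.rs", &b"pub fn f() {}"[..])]);
    let krate: BTreeMap<&str, &[u8]> =
        BTreeMap::from([("src/lib.rs", &b"pub fn f() { extra() }"[..]), ("Cargo.toml", &b"[package]"[..])]);
    println!("{:?}", unreproducible(&krate, &repo));
}
```

A file that appears only in the registry archive, or whose bytes differ from the tagged tree, is returned by `unreproducible` and is what a reviewer would inspect first.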

How to use it

# Install
cargo install --locked cargo-goggles

# Run it inside your project (must already contain a Cargo.lock file)
cargo goggles

Roadmap

  • Clean up most of the code
  • Make it into a proper library and CLI
  • Support registries other than crates.io
  • Fix some flaws
  • Make it pull previously cloned repositories when changes are available
  • Stop relying on the git CLI
  • Make it faster
  • Make it easy to see differences between the contents of the git repository and the registry

See also

License

Licensed under either of

  • Apache-2.0 (LICENSE-APACHE)
  • MIT (LICENSE-MIT)

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
