This is a small extension to cargo, to check your dependency tree against the database of clearlydefined.io.
ClearlyDefined and our parent organization, the Open Source Initiative, are on a mission to help FOSS projects thrive by being, well, clearly defined.
cargo install cargo-clearlydefined
In the project you want to check, execute the following command:
cargo clearlydefined
This will fetch the dependencies' metadata and print out a report of the dependencies that have a score below 80.
To get some command line help, run:
cargo clearlydefined --help
Which should print out:
~~~
cargo-clearlydefined 0.1.0
USAGE: cargo clearlydefined [OPTIONS]
OPTIONS:
-i, --input Override the location of the input file (Cargo.lock)
-v, --verbose Verbose mode, repeat to increase verbosity
-s, --score
~~~
You can set the target score:
cargo clearlydefined --score 50
It is also possible to lower the score to 0.
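The check described above (read `Cargo.lock`, look up each dependency, report those under the target score), sketched as an added example that is not cargo-clearlydefined's own code. The function names, the sample lockfile and the scores are constructed, and it assumes lookups use ClearlyDefined's `crate/cratesio/-/<name>/<version>` coordinates, which only exist for crates.io packages.

```rust
use std::collections::HashMap;
type Package = HashMap<String, String>; // one [[package]] table: key -> value
// Constructed sample lockfile: "app" is the workspace crate and has no source.
const LOCK: &str = r#"
[[package]]
name = "app"
version = "0.1.0"
[[package]]
name = "left"
version = "1.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
[[package]]
name = "right"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
"#;

/// Line-based reader for the [[package]] tables of a Cargo.lock (not a full TOML parser).
fn parse_lock(lock: &str) -> Vec<Package> {
    let (mut pkgs, mut cur) = (Vec::new(), None::<Package>);
    for line in lock.lines().map(str::trim) {
        if line.starts_with('[') {
            pkgs.extend(cur.take()); // any table header closes the open entry
            cur = (line == "[[package]]").then(Package::new);
        } else if let (Some(p), Some((k, v))) = (cur.as_mut(), line.split_once(" = ")) {
            p.insert(k.to_string(), v.trim_matches('"').to_string());
        }
    }
    pkgs.into_iter().chain(cur).collect()
}

/// ClearlyDefined coordinates; workspace, path and git packages have none.
fn coordinates(p: &Package) -> Option<String> {
    let crates_io = "registry+https://github.com/rust-lang/crates.io-index";
    if p.get("source")?.as_str() != crates_io { return None; }
    Some(format!("crate/cratesio/-/{}/{}", p.get("name")?, p.get("version")?))
}

/// Coordinates scoring under `threshold`; a missing score counts as 0 (this example's choice).
fn below(pkgs: &[Package], scores: &HashMap<&str, u32>, threshold: u32) -> Vec<(String, u32)> {
    pkgs.iter().filter_map(coordinates)
        .map(|c| { let s = scores.get(c.as_str()).copied().unwrap_or(0); (c, s) })
        .filter(|(_, s)| *s < threshold)
        .collect()
}

fn main() {
    let scores = HashMap::from([("crate/cratesio/-/left/1.2.3", 92), ("crate/cratesio/-/right/0.9.0", 41)]);
    println!("{:?}", below(&parse_lock(LOCK), &scores, 80));
}
```

With a threshold of 0 nothing can fail, and packages without a crates.io source never reach the score comparison at all, so they need a separate review.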
By default, only the "failed" dependencies are shown. You can however get a report of all dependencies:
cargo clearlydefined --all
The default output format is "text", but you have some other options as well:
In order to get a comma separated output:
cargo clearlydefined -o csv
If you choose to show all dependencies, an additional column is added that contains the result of the test.
To get a nice markdown result, use:
cargo clearlydefined -o markdown
This will create a markdown table, including a badge, that shows the outcome of the test, if you choose to display all dependencies.
It is also possible to provide the argument --link, which will always add a link to clearlydefined.io in the score column.
And of course, there is plain text as well. The default.
You can exclude dependencies from the