Support graph pruning by target #63
Comments
|
Looks like this target cfg expressions actually is in the current 1.40 stable version also, got this when running
|
|
Ahh nice! |
|
We would need to build a small |
|
Nice! Except CC0 for code, not nice |
|
Yah, I think maybe rolling our own, similar to how spdx works, where it can both parse, as well as evaluate, would probably make sense. |
|
Agreed, and sounds like fun also. Would be useful in multiple projects also, definitely in |
|
I have a pretty large project for which I use cargo deny currently to report dependencies. I would very much like to report dependencies that apply to the current target (OS and arch) only. Actually, we support about 8 platforms in our product and we want separately-pruned dependencies reports for each one. I would be very happy to test this and report back, or review code, or otherwise help with this. Also, based on briansmith/ring#904 I think others have similar needs. |
cargo-metadatahas added support for kind/target for dependencies rust-lang/cargo#7132, this would allow users to specify which targets they actually care about, rather than...all of them.For example, the
ringcrate has a dependency onweb-syswhich pulls in a ton of additional dependencies, but they are only relevant if you are building ring for wasm, however you currently can't determine that is the case withcargo-metadata, so cargo-deny considers web-sys and all of its transitive dependencies for licensing, multiple versions, and security vulnerabilities, even if the crate is never actually built for wasm.The text was updated successfully, but these errors were encountered: