
embed-licensing

Embed licensing information of dependencies to comply with free software licenses

3 releases (breaking)

0.3.1 Aug 14, 2024
0.2.0 Aug 8, 2024
0.1.0 Jul 31, 2024

#224 in Procedural macros

MPL-2.0 license

46KB
655 lines

embed-licensing

Embed licensing information of dependencies to comply with free software licenses.

This allows outputting a list of all dependencies at runtime.

Features

  • collecting dependencies at build-time using a proc macro
    • name
    • version
    • authors (from Cargo.toml)
    • license (SPDX expression from Cargo.toml’s license field or content of license-file)
    • website (homepage, repository or documentation from Cargo.toml)
  • collecting licenses of dependencies
  • collecting license exceptions of dependencies
  • optional collection of development (only for direct dependencies) and build dependencies (by default, only normal dependencies are collected)
  • optional limiting of dependencies to a specific platform (target and cfg options)

Non-Features

  • ready-to-use HTML template (every application has different needs)
  • CLI tool (there are already great tools out there, see Alternatives)
  • manual override of wrong or incomplete data (this should instead be changed by the crate upstream)

Accuracy

The mechanism this crate uses can never be exact. For determining the licenses of a dependency, only the license and license-file attributes of a Cargo manifest are used. Similarly, the authors are also only pulled from the Cargo manifest.

Therefore, before using this crate, you should always consult a legal professional on whether the output of this crate meets the obligations of all licenses of your dependencies.
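To see where manifest-derived data leaves gaps, the following added example (not part of embed-licensing and not the project's own code) audits `cargo metadata`-style JSON for packages whose license, exceptions or authors cannot be taken from the manifest alone. The sample packages are constructed, and the homepage, repository, documentation preference order for the website is an assumption.

```python
import json
import re

# Constructed sample in the shape of `cargo metadata --format-version 1`
# output (only the fields used here); package names are made up.
SAMPLE_METADATA = json.dumps({"packages": [
    {"name": "alpha", "version": "1.2.0", "authors": ["A. Dev <a@example.org>"],
     "license": "MIT OR Apache-2.0", "license_file": None,
     "homepage": None, "repository": "https://example.org/alpha", "documentation": None},
    {"name": "beta", "version": "0.4.1", "authors": [],
     "license": "(Apache-2.0 WITH LLVM-exception) OR MIT", "license_file": None,
     "homepage": "https://example.org/beta", "repository": None, "documentation": None},
    {"name": "gamma", "version": "3.0.0", "authors": ["G. Corp"],
     "license": None, "license_file": "LICENSE.txt",
     "homepage": None, "repository": None, "documentation": None},
    {"name": "delta", "version": "0.1.0", "authors": [],
     "license": None, "license_file": None,
     "homepage": None, "repository": None, "documentation": None},
]})

def spdx_parts(expression):
    """Split an SPDX expression into (license ids, exception ids)."""
    tokens = re.findall(r"[^\s()]+", expression)
    licenses, exceptions = set(), set()
    for i, tok in enumerate(tokens):
        if tok.upper() in ("AND", "OR", "WITH"):
            continue
        after_with = i > 0 and tokens[i - 1].upper() == "WITH"
        (exceptions if after_with else licenses).add(tok)
    return licenses, exceptions

def audit(metadata_json):
    """Return one record per package, listing gaps a reviewer must close by hand."""
    report = []
    for pkg in json.loads(metadata_json)["packages"]:
        gaps, licenses, exceptions = [], set(), set()
        if pkg.get("license"):
            licenses, exceptions = spdx_parts(pkg["license"])
        elif pkg.get("license_file"):
            gaps.append("license-file only: free text, needs manual review")
        else:
            gaps.append("no license declared in manifest")
        if not pkg.get("authors"):
            gaps.append("no authors in manifest")
        # Assumed preference order for the website field.
        website = pkg.get("homepage") or pkg.get("repository") or pkg.get("documentation")
        report.append({"name": pkg["name"], "licenses": sorted(licenses),
                       "exceptions": sorted(exceptions), "website": website, "gaps": gaps})
    return report
```

Any package with a non-empty `gaps` list is one where the manifest alone does not tell you what attribution is owed.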

Alternatives

  • cargo-about is the initial inspiration for this project. It chooses a different approach and generates a static file from a handlebars template.
  • cargo-deny is a linter for dependencies, including their licenses. It also offers the cargo deny list subcommand for listing all licenses of dependencies (and the dependencies that use them).
  • cargo-license outputs a list similar to cargo deny list, but has a more configurable output.
  • cargo-cyclonedx creates a CycloneDX SBOM for a crate.

None of the alternatives allow running at compile time (as a proc-macro) and using the result at runtime.

License

This project is available under the terms of the MPL 2.0. The exact details can be found in the header of each file.

Dependencies

~2–3MB
~45K SLoC