3 releases (breaking)
0.3.1 | Aug 14, 2024 |
---|---|
0.2.0 | Aug 8, 2024 |
0.1.0 | Jul 31, 2024 |
#224 in Procedural macros
46KB
655 lines
embed-licensing
Embed licensing information of dependencies to comply with free software licenses.
This allows outputting a list of all dependencies at runtime.
Features
- collecting dependencies at build-time using a proc macro
- name
- version
- authors (from Cargo.toml)
- license (SPDX expression from Cargo.toml’s
license
field or content oflicense-file
) - website (
homepage
,repository
ordocumentation
from Cargo.toml)
- collecting licenses of dependencies
- collecting license exceptions of dependencies
- optional collection of development (only for direct dependencies) and build dependencies (by default, only normal dependencies are collected)
- optional limiting of dependencies to a specific platform (target and cfg options)
Non-Features
- ready to use HTML template (every application has different needs)
- CLI tool (there are already great tools out there, see Alternatives)
- manual override of wrong or incomplete data (this should instead be changed by the crate upstream)
Accuracy
The mechanism this crate uses can never be exact.
For determining the licenses of a dependency,
only the license
and license-file
attributes of a Cargo manifest are used.
Similarly, the authors are also only pulled from the Cargo manifest.
Therefore, you should always consult with a legal professional, if the output of this crate meets the obligations of all licenses of your dependencies, before using this crate.
Alternatives
- cargo-about is the initial inspiration for this project. It chooses a different approach and generates a static file from a handlebars template.
- cargo-deny is a linter for dependencies,
including their licenses.
It also offers the
cargo deny list
subcommand for listing all licenses of dependencies (and the dependencies that use them). - cargo-license outputs a list similar to
cargo deny list
, but has a more configurable output. - cargo-cyclonedx creates a CycloneDX SBOM for a crate.
All alternatives do not allow running at compile time (as a proc-macro) and using the result at runtime.
License
This project is available under the terms of the MPL 2.0. The exact details can be found in the header of each file.
Dependencies
~2–3MB
~45K SLoC