#workspace #pinning #versioning #dependencies #rust

bin+lib workspacer-pin

A Rust crate for pinning wildcard dependencies within workspaces using local versions or lockfile fallbacks, ensuring reliable and reproducible builds. Supports async operations and complex nested structures in Cargo.toml.

1 unstable release

Uses new Rust 2024

new 0.1.1 Apr 1, 2025

#7 in #pinning


Used in 3 crates (via workspacer-export)

MIT license

515KB
6K SLoC

workspacer-pin

workspacer-pin is a Rust crate designed for resolving wildcard dependencies within a workspace, focusing on enhancing package management via precise dependency pinning. It is crafted to pinpoint all dependencies denoted with wildcard characters ("*") and replace them with specific versions derived from local or lockfile sources.

Features

  • Automated Dependency Resolution: Utilizes provided traits to systematically replace wildcard dependencies with actual versions.
  • Local Path Version Sourcing: For dependencies specified by local paths, actual version numbers are pulled directly from corresponding Cargo.toml files.
  • Lockfile Reference: When dealing with workspace dependencies without explicit local paths, it falls back on versions listed in the lockfile.
  • Nested Dependency Handling: Traverses complex nested tables in Cargo.toml to ensure all wildcard instances are addressed.

Usage

Integrate workspacer-pin into your workspace as follows:

  • Implement PinAllWildcardDependencies and PinWildcardDependencies for your structures, ensuring error handling congruence.
  • Leverage asynchronous functions such as pin_wildcard_dependencies_in_table and fix_nested_tables to walk through dependency structures and pin versions appropriately.

Example

use workspacer_pin::{PinAllWildcardDependencies, PinWildcardDependencies};

async fn manage_dependencies(workspace: &mut Workspace) -> Result<(), WorkspaceError> {
    workspace.pin_all_wildcard_dependencies().await
}

Technical Specifics

The crate utilizes advanced Rust features including async/await patterns and trait implementations. The LockVersionMap is a primary data structure, offering efficient lookup of available versions with its combination of BTreeMap and BTreeSet.

Audience

This crate is aimed at developers managing Rust workspaces who require robust methods to reconcile dependencies, especially for large or complex projects featuring a myriad of localized and external dependencies.

Dependencies

~40–74MB
~1M SLoC