20 releases (13 stable)

9.0.0 Apr 24, 2023
8.0.3 Dec 1, 2022
8.0.2 Jun 30, 2022
7.1.0 Apr 23, 2022
0.2.1 Sep 21, 2019

#138 in Parser implementations

Download history 65893/week @ 2024-01-27 67182/week @ 2024-02-03 69972/week @ 2024-02-10 70963/week @ 2024-02-17 79461/week @ 2024-02-24 74267/week @ 2024-03-02 67117/week @ 2024-03-09 70079/week @ 2024-03-16 74473/week @ 2024-03-23 68229/week @ 2024-03-30 62910/week @ 2024-04-06 67647/week @ 2024-04-13 68243/week @ 2024-04-20 69348/week @ 2024-04-27 61580/week @ 2024-05-04 59483/week @ 2024-05-11

271,300 downloads per month
Used in 206 crates (45 directly)

Apache-2.0 OR MIT

1.5K SLoC

RustSec: cargo-lock crate

Latest Version Docs Build Status Safety Dance MSRV Apache 2.0 OR MIT licensed Project Chat

Self-contained serde-powered Cargo.lock parser/serializer with support for the V1, V2 (merge-friendly) and V3 formats, as well as optional dependency tree analysis features. Used by RustSec.

When the dependency-tree feature of this crate is enabled, it supports computing a directed graph of the dependency tree, modeled using the petgraph crate, along with support for printing dependency trees ala the cargo-tree crate.


Minimum Supported Rust Version

Rust 1.60 or higher.

Minimum supported Rust version can be changed in the future, but it will be accompanied by a minor version bump.

SemVer Policy

  • MSRV is considered exempt from SemVer as noted above
  • The cargo lock CLI interface is not considered to have a stable interface and is also exempted from SemVer. We reserve the right to make substantial changes to it at any time (for now)
  • The dependency-tree feature depends on the pre-1.0 petgraph crate. We reserve the right to update petgraph, however when we do it will be accompanied by a minor version bump.

Command Line Interface

This crate provides a cargo lock subcommand which can be installed with:

$ cargo install cargo-lock --features=cli

It supports the following subcommands:

  • list: list packages in Cargo.lock
  • translate: translate Cargo.lock files between the V1 and V2 formats
  • tree: print a dependency tree from Cargo.lock alone

See the crate documentation for more detailed usage information.


Licensed under either of:

at your option.


Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.


~94K SLoC