#cargo #dependency #lock #lockfile

bin+lib cargo-lock

Self-contained Cargo.lock parser with optional dependency graph analysis

15 releases (8 stable)

7.0.1 Jul 6, 2021
6.0.1 Jan 26, 2021
6.0.0 Sep 25, 2020
5.0.0 Sep 23, 2020
0.2.1 Sep 21, 2019

#18 in Parser implementations

Download history 20870/week @ 2021-08-12 18491/week @ 2021-08-19 20844/week @ 2021-08-26 18670/week @ 2021-09-02 23512/week @ 2021-09-09 23385/week @ 2021-09-16 23285/week @ 2021-09-23 20819/week @ 2021-09-30 21978/week @ 2021-10-07 23363/week @ 2021-10-14 22913/week @ 2021-10-21 19446/week @ 2021-10-28 19750/week @ 2021-11-04 20524/week @ 2021-11-11 22765/week @ 2021-11-18 16293/week @ 2021-11-25

82,069 downloads per month
Used in 98 crates (16 directly)

Apache-2.0 OR MIT

1.5K SLoC

RustSec: cargo-lock crate

Latest Version Docs Build Status Safety Dance MSRV Apache 2.0 OR MIT licensed Project Chat

Self-contained serde-powered Cargo.lock parser/serializer with support for both the V1 and V2 (merge-friendly) formats, as well as optional dependency tree analysis features. Used by RustSec.

When the dependency-tree feature of this crate is enabled, it supports computing a directed graph of the dependency tree, modeled using the petgraph crate, along with support for printing dependency trees ala the cargo-tree crate.


Minimum Supported Rust Version

Rust 1.41 or higher.

Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.

SemVer Policy

  • MSRV is considered exempt from SemVer as noted above
  • The cargo lock CLI interface is not considered to have a stable interface and is also exempted from SemVer. We reserve the right to make substantial changes to it at any time (for now)

Command Line Interface

This crate provides a cargo lock subcommand which can be installed with:

$ cargo install cargo-lock --features=cli

It supports the following subcommands:

  • list: list packages in Cargo.lock
  • translate: translate Cargo.lock files between the V1 and V2 formats
  • tree: print a dependency tree from Cargo.lock alone

See the crate documentation for more detailed usage information.


Licensed under either of:

at your option.


Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.


~91K SLoC