cargo tree support hide path dep

baoyachi / shadow-rs

A build-time information stored in your rust project.(binary,lib,cdylib,dylib)

https://docs.rs/shadow-rs

MIT License

475 stars 41 forks source link

cargo tree support hide path dep #49

Closed baoyachi closed 3 years ago

baoyachi commented 3 years ago

...
│   │   [build-dependencies]
│   │   └── clap v2.33.3 (*)
│   ├── nu-data v0.25.2 (/Users/baoyachi/nushell/crates/nu-data) (*)
│   ├── nu-errors v0.25.2 (/Users/baoyachi/nushell/crates/nu-errors) (*)
│   ├── nu-plugin v0.25.2 (/Users/baoyachi/nushell/crates/nu-plugin) (*)
│   ├── nu-protocol v0.25.2 (/Users/baoyachi/nushell/crates/nu-protocol) (*)
│   ├── nu-source v0.25.2 (/Users/baoyachi/nushell/crates/nu-source) (*)
│   ├── term_size v0.3.2 (*)
│   └── url v2.2.0 (*)
└── pretty_env_logger v0.4.0

replace with

...
│   │   [build-dependencies]
│   │   └── clap v2.33.3 (*)
│   ├── nu-data v0.25.2 (private)
│   ├── nu-errors v0.25.2 (private)
│   ├── nu-plugin v0.25.2 (private)
│   ├── nu-protocol v0.25.2 (private)
│   ├── nu-source v0.25.2 (private)
│   ├── term_size v0.3.2 (*)
│   └── url v2.2.0 (*)
└── pretty_env_logger v0.4.0

baoyachi commented 3 years ago

change

git url dep

shadow-rs = {git="http://github.com/baoyachi/shadow-rs"} simple-log = {git="ssh://git@github.com/baoyachi/simple-log.git" }

cargo dep

           SourceKind::Path => write!(f, "{}", url_display(&self.inner.url)),
            SourceKind::Registry => write!(f, "registry `{}`", url_display(&self.inner.url)),
            SourceKind::LocalRegistry => write!(f, "registry `{}`", url_display(&self.inner.url)),
            SourceKind::Directory => write!(f, "dir {}", url_display(&self.inner.url)),

if private registry,replace with (private registry).
if dep by path, replace with (private path).
if dep by git, replace with (private git).

baoyachi commented 3 years ago

filter cargo tree dependencies source

Why do this?

Sometimes, the private registry or private git url that our cargo relies on will carry this information with the cargo tree command output we use. In order to protect the privacy of dependence, we need to shield it.

This can protect us from the security issues we rely on environmental information.

I think it is very necessary.So we need to do fuzzy replacement of dependent output.

for examples:

dep by git: shadow-rs = { git = "https://github.com/baoyachi/shadow-rs", branch="master" }
dep by registry: shadow-rs = { version = "0.5.23",registry="private-crates" }
dep by path: shadow-rs = { path = "/Users/baoyachi/shadow-rs" }

before exec: cargo tree output by difference dependencies source:

git: └── shadow-rs v0.5.23 (https://github.com/baoyachi/shadow-rs?branch=master#eb712990)
registry: └── shadow-rs v0.5.23 (registry ssh://git@github.com/baoyachi/shadow-rs.git)
path: └── shadow-rs v0.5.23 ((/Users/baoyachi/shadow-rs))

after filter dependencies source

git: └── shadow-rs v0.5.23 (* git)
registry: └── shadow-rs v0.5.23 (* registry)
path: └── shadow-rs v0.5.23 (* path)

baoyachi commented 3 years ago

close:https://github.com/baoyachi/shadow-rs/pull/52