{"id":13672252,"url":"https://github.com/rust-secure-code/cargo-supply-chain","last_synced_at":"2025-04-27T21:32:33.688Z","repository":{"id":41904063,"uuid":"300692814","full_name":"rust-secure-code/cargo-supply-chain","owner":"rust-secure-code","description":"Gather author, contributor and publisher data on crates in your dependency graph.","archived":false,"fork":false,"pushed_at":"2024-03-22T13:32:09.000Z","size":414,"stargazers_count":318,"open_issues_count":8,"forks_count":19,"subscribers_count":13,"default_branch":"master","last_synced_at":"2024-10-31T11:58:24.166Z","etag":null,"topics":["cargo","cargo-subcommand","dependency-graph"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rust-secure-code.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-10-02T17:43:29.000Z","updated_at":"2024-10-24T16:58:27.000Z","dependencies_parsed_at":"2024-01-18T03:49:32.069Z","dependency_job_id":null,"html_url":"https://github.com/rust-secure-code/cargo-supply-chain","commit_stats":{"total_commits":300,"total_committers":9,"mean_commits":"33.333333333333336","dds":"0.41333333333333333","last_synced_commit":"f761c1607157d35389e917134386c0c49a3bb6f9"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-secure-code%2Fcargo-supply-chain","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-secure-code%2Fcargo-supply-chain/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-secure-code%2Fcargo-supply-chain/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-secure-code%2Fcargo-supply-chain/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rust-secure-code","download_url":"https://codeload.github.com/rust-secure-code/cargo-supply-chain/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224087196,"owners_count":17253518,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cargo","cargo-subcommand","dependency-graph"],"created_at":"2024-08-02T09:01:30.432Z","updated_at":"2024-11-11T10:30:31.886Z","avatar_url":"https://github.com/rust-secure-code.png","language":"Rust","funding_links":[],"categories":["Rust"],"sub_categories":[],"readme":"# cargo-supply-chain\n\nGather author, contributor and publisher data on crates in your dependency graph.\n\nUse cases include:\n\n- Find people and groups worth supporting.\n- Identify risks in your dependency graph.\n- An analysis of all the contributors you implicitly trust by building their software. This might have both a sobering and humbling effect.\n\nSample output when run on itself: [`publishers`](https://gist.github.com/Shnatsel/3b7f7d331d944bb75b2f363d4b5fb43d), [`crates`](https://gist.github.com/Shnatsel/dc0ec81f6ad392b8967e8d3f2b1f5f80), [`json`](https://gist.github.com/Shnatsel/511ad1f87528c450157ef9ad09984745).\n\n## Usage\n\nTo install this tool, please run the following command:\n\n```shell\ncargo install cargo-supply-chain\n```\n\nThen run it with:\n\n```shell\ncargo supply-chain publishers\n```\n\nBy default the supply chain is listed for **all targets** and **default features only**.\n\nYou can alter this behavior by passing `--target=…` to list dependencies for a specific target.\nYou can use `--all-features`, `--no-default-features`, and `--features=…` to control feature selection.\n\nHere's a list of subcommands:\n\n```none\nGather author, contributor and publisher data on crates in your dependency graph\n\nUsage: COMMAND [ARG]…\n\nAvailable options:\n    -h, --help      Prints help information\n    -v, --version   Prints version information\n\nAvailable commands:\n    publishers  List all crates.io publishers in the depedency graph\n    crates      List all crates in dependency graph and crates.io publishers for each\n    json        Like 'crates', but in JSON and with more fields for each publisher\n    update      Download the latest daily dump from crates.io to speed up other commands\n\nMost commands also accept flags controlling the features, targets, etc.\nSee 'cargo supply-chain \u003ccommand\u003e --help' for more information on a specific command.\n```\n\n## License\n\nTriple licensed under any of Apache-2.0, MIT, or zlib terms.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frust-secure-code%2Fcargo-supply-chain","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frust-secure-code%2Fcargo-supply-chain","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frust-secure-code%2Fcargo-supply-chain/lists"}