The check command
The check command is the primary subcommand of cargo-deny as it is what actually runs through all of the crates in your project and checks them against your configuration.
Args
<WHICH>
The check(s) to perform. By default, all checks will be performed, unless one or more checks are specified here.
See checks for the list of available checks.
Options
-A, --allow <ALLOW>
Set lint allowed.
$ cargo run -- --manifest-path tests/test_data/duplicates/Cargo.toml check bans
error[duplicate]: found 2 duplicate entries for crate 'webpki-roots'
┌─ /home/jake/code/cargo-deny/tests/test_data/duplicates/Cargo.lock:138:1
│
138 │ ╭ webpki-roots 0.25.4 registry+https://github.com/rust-lang/crates.io-index
139 │ │ webpki-roots 0.26.11 registry+https://github.com/rust-lang/crates.io-index
│ ╰──────────────────────────────────────────────────────────────────────────┘ lock entries
│
├ webpki-roots v0.25.4
└── minreq v2.13.4
└── duplicates v0.1.0
├ webpki-roots v0.26.11
└── duplicates v0.1.0
bans FAILED
$ cargo run -- --manifest-path tests/test_data/duplicates/Cargo.toml check -A duplicate bans
bans ok
--audit-compatible-output
To ease transition from cargo-audit to cargo-deny, this flag will tell cargo-deny to output the exact same output as cargo-audit would, to stdout instead of stderr, just as with cargo-audit.
Note that this flag only applies when the output format is JSON, and note that since cargo-deny supports multiple advisory databases, instead of a single JSON object, there will be 1 for each unique advisory database.
-D, --deny <DENY>
Set lint denied.
$ cargo run -- --manifest-path tests/test_data/duplicates/Cargo.toml check -A duplicate bans
warning[unmatched-skip-root]: skip tree root was not found in the dependency graph
┌─ deny.toml:35:16
│
35 │ { crate = "windows-sys", reason = "a foundational crate for many that bumps far too frequently to ever have a shared version" },
│ ━━━━━━━━━━━ no crate matched these criteria
warning[unmatched-skip]: skipped crate 'getrandom = =0.2.17' was not encountered
┌─ deny.toml:31:16
│
31 │ { crate = "getrandom@0.2.17", reason = "ring uses this old version" },
│ ━━━━━━━━━━━━━━━━ ────────────────────────── reason
│ │
│ unmatched skip configuration
warning[unmatched-skip]: skipped crate 'hashbrown = =0.15.5' was not encountered
┌─ deny.toml:32:16
│
32 │ { crate = "hashbrown@0.15.5", reason = "petgraph uses this old version" },
│ ━━━━━━━━━━━━━━━━ ────────────────────────────── reason
│ │
│ unmatched skip configuration
bans ok
$ cargo run -- --manifest-path tests/test_data/duplicates/Cargo.toml check -A duplicate -D unmatched-skip bans
warning[unmatched-skip-root]: skip tree root was not found in the dependency graph
┌─ deny.toml:35:16
│
35 │ { crate = "windows-sys", reason = "a foundational crate for many that bumps far too frequently to ever have a shared version" },
│ ━━━━━━━━━━━ no crate matched these criteria
error[unmatched-skip]: skipped crate 'getrandom = =0.2.17' was not encountered
┌─ deny.toml:31:16
│
31 │ { crate = "getrandom@0.2.17", reason = "ring uses this old version" },
│ ━━━━━━━━━━━━━━━━ ────────────────────────── reason
│ │
│ unmatched skip configuration
error[unmatched-skip]: skipped crate 'hashbrown = =0.15.5' was not encountered
┌─ deny.toml:32:16
│
32 │ { crate = "hashbrown@0.15.5", reason = "petgraph uses this old version" },
│ ━━━━━━━━━━━━━━━━ ────────────────────────────── reason
│ │
│ unmatched skip configuration
bans FAILED
--feature-depth <FEATURE_DEPTH>
Specifies the depth at which feature edges are added in inclusion graphs
-g, --graph <GRAPH>
Path to graph_output root directory
If set, a dotviz graph will be created for whenever multiple versions of the same crate are detected.
Each file will be created at <dir>/graph_output/<crate_name>.dot. <dir>/graph_output/* is deleted and recreated each run.
--hide-inclusion-graph
Hides the inclusion graph when printing out info for a crate
By default, if a diagnostic message pertains to a specific crate, cargo-deny will append an inverse dependency graph to the diagnostic to show you how that crate was pulled into your project.
some diagnostic message
the-crate
├── a-crate
└── b-crate
└── c-crate
-s, --show-stats
Show stats for all the checks, regardless of the log-level
-W, --warn <WARN>
Set lint warned.
$ cargo run -- --manifest-path tests/test_data/duplicates/Cargo.toml check bans
error[duplicate]: found 2 duplicate entries for crate 'webpki-roots'
┌─ /home/jake/code/cargo-deny/tests/test_data/duplicates/Cargo.lock:138:1
│
138 │ ╭ webpki-roots 0.25.4 registry+https://github.com/rust-lang/crates.io-index
139 │ │ webpki-roots 0.26.11 registry+https://github.com/rust-lang/crates.io-index
│ ╰──────────────────────────────────────────────────────────────────────────┘ lock entries
│
├ webpki-roots v0.25.4
└── minreq v2.13.4
└── duplicates v0.1.0
├ webpki-roots v0.26.11
└── duplicates v0.1.0
bans FAILED
$ cargo run -- --manifest-path tests/test_data/duplicates/Cargo.toml check -W duplicate bans
warning[duplicate]: found 2 duplicate entries for crate 'webpki-roots'
┌─ /home/jake/code/cargo-deny/tests/test_data/duplicates/Cargo.lock:138:1
│
138 │ ╭ webpki-roots 0.25.4 registry+https://github.com/rust-lang/crates.io-index
139 │ │ webpki-roots 0.26.11 registry+https://github.com/rust-lang/crates.io-index
│ ╰──────────────────────────────────────────────────────────────────────────┘ lock entries
│
├ webpki-roots v0.25.4
└── minreq v2.13.4
└── duplicates v0.1.0
├ webpki-roots v0.26.11
└── duplicates v0.1.0
bans ok
Exit Codes
As of 0.14.1, the exit code for the check command is a bitset of the checks that were executed that had 1 or more errors.
A script or program can use the following values to determine exactly which check(s) failed.
advisories-0x1bans-0x2licenses-0x4sources-0x8