in src/main.rs [2179:2297]
fn cmd_check(
out: &Arc<dyn Out>,
cfg: &Config,
_sub_args: &CheckArgs,
) -> Result<(), miette::Report> {
// Run the checker to validate that the current set of deps is covered by the current cargo vet store
trace!("vetting...");
let network = Network::acquire(cfg);
let mut store = Store::acquire(cfg, network.as_ref(), false)?;
if !cfg.cli.locked {
// Check if any of our first-parties are in the crates.io registry
let mut cache = Cache::acquire(cfg).into_diagnostic()?;
// Check crate policies prior to audit_as_crates_io because the suggestions of
// check_audit_as_crates_io will rely on the correct structure of crate policies.
check_crate_policies(cfg, &store)?;
tokio::runtime::Handle::current().block_on(check_audit_as_crates_io(
cfg,
&store,
network.as_ref(),
&mut cache,
))?;
}
// DO THE THING!!!!
let report = resolver::resolve(&cfg.metadata, cfg.cli.filter_graph.as_ref(), &store);
// Bare `cargo vet` shouldn't suggest in CI
let suggest = if !cfg.cli.locked {
report.compute_suggest(cfg, &store, network.as_ref())?
} else {
None
};
match cfg.cli.output_format {
OutputFormat::Human => report
.print_human(out, cfg, suggest.as_ref())
.into_diagnostic()?,
OutputFormat::Json => report.print_json(out, suggest.as_ref())?,
}
// Only save imports if we succeeded, to avoid any modifications on error.
if report.has_errors() {
// ERRORS: immediate fatal diagnostic? Arguably should be silent.
// Err(eyre!("report contains errors"))?;
panic_any(ExitPanic(-1));
} else {
if !cfg.cli.locked {
// Simulate a full `fetch-imports` run, and record the potential
// pruned imports and exemptions.
let updates = resolver::get_store_updates(cfg, &store, |_| resolver::UpdateMode {
search_mode: resolver::SearchMode::PreferFreshImports,
prune_exemptions: true,
prune_non_importable_audits: true,
prune_imports: true,
});
// Perform a minimal store update to pull in necessary imports,
// while avoiding any other changes to exemptions or imports.
resolver::update_store(cfg, &mut store, |_| resolver::UpdateMode {
search_mode: resolver::SearchMode::PreferExemptions,
prune_exemptions: false,
prune_non_importable_audits: false,
prune_imports: false,
});
// XXX: Consider trying to be more precise here? Would require some
// more clever comparisons.
if store.config.exemptions != updates.exemptions {
warn!("Your supply-chain has unnecessary exemptions which could be relaxed or pruned.");
warn!(" Consider running `cargo vet prune` to prune unnecessary exemptions and imports.");
} else if store.imports != updates.imports {
warn!("Your supply-chain has unnecessary imports which could be pruned.");
warn!(" Consider running `cargo vet prune` to prune unnecessary imports.");
} else if store.audits.audits != updates.audits {
warn!("Your supply-chain has unnecessary audits which could be pruned.");
warn!(" Consider running `cargo vet prune` to prune unnecessary imports.");
}
// Check if we have `unpublished` entries for crates which have since been published.
let since_published: Vec<_> = updates
.imports
.unpublished
.iter()
.filter(|(_, unpublished)| unpublished.iter().any(|u| !u.still_unpublished))
.map(|(package, _)| package)
.collect();
if !since_published.is_empty() {
let published = string_format::FormatShortList::new(since_published);
warn!("Your supply-chain depends on previously unpublished versions of {published} which have since been published.");
warn!(" Consider running `cargo vet regenerate unpublished` to remove these entries.");
}
// Warn about wildcard audits which will be expiring soon or have expired.
let expiry = WildcardAuditRenewal::expiring(cfg, &mut store, true);
if !expiry.is_empty() {
let expired = expiry.expired_crates();
let expiring_soon = expiry.expiring_crates();
if !expired.is_empty() {
let expired = string_format::FormatShortList::new(expired);
warn!(
"Your audit set contains wildcard audits for {expired} which have expired."
);
}
if !expiring_soon.is_empty() {
let expiring = string_format::FormatShortList::new(expiring_soon);
warn!("Your audit set contains wildcard audits for {expiring} which expire within the next {WILDCARD_AUDIT_EXPIRATION_STRING}.");
}
warn!(" Consider running `cargo vet renew --expiring` or adding `renew = false` to the wildcard entries in audits.toml.");
}
}
store.commit()?;
}
Ok(())
}