cargo-deny is a cargo plugin for linting your dependencies. See the book 📕 for in-depth documentation.
To run on CI as a GitHub Action, see
Please Note: This is a tool that we use (and like!) and it makes sense to us to release it as open source. However, we can’t take any responsibility for your use of the tool, if it will function correctly or fulfil your needs. No functionality in - or information provided by - cargo-deny constitutes legal advice.
cargo install --locked cargo-deny && cargo deny init && cargo deny check
If you want to use
cargo-deny without having
cargo-deny with the
This can be useful in Docker Images.
cargo install --locked cargo-deny # Or, if you're an Arch user yay -S cargo-deny
cargo deny init
cargo deny check
The licenses check is used to verify that every crate you use has license terms you find acceptable.
cargo deny check licenses
The bans check is used to deny (or allow) specific crates, as well as detect and handle multiple versions of the same crate.
cargo deny check bans
The advisories check is used to detect issues for crates by looking in an advisory database.
cargo deny check advisories
The sources check ensures crates only come from sources you trust.
cargo deny check sources
We welcome community contributions to this project.
Please read our Contributor Guide for more information on how to get started.
Licensed under either of
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.