Best practice to rename a published crate?

I want to rename a published crate, I hesitated between:

  • publish a new version of the crate with the new name, update the old crate code as a wrapper (a package that contains as a dependency the new crate). PROs: don't break anything / CONs: since Cargo.lock lock library dependency version I should update both crates every time ...

  • depreciate explicitly the old crate. PROs: force users to update explicitly the package name in their dependency / CONs: there is no (at the moment) depreciation mechanism in cargo (as it can exist in NPM npm-deprecate | npm Docs) the closest solution I found is to yank the package cargo yank - The Cargo Book which seems not allow to explicitly warn the user of the change ...

SO questions I read along my search:

One thing you can do is publish an informational advisory to the RustSec advisory database. For example:

https://rustsec.org/advisories/RUSTSEC-2021-0064.html

Then users of tools like cargo-audit will be automatically warned about the name change.

2 Likes

Publish a wrapper. It takes 2-3 years for users to swtich away from an obviously abandoned and deprecated crate. With a wrapper it's never an issue.

3 Likes

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.