This wasn't the marketing message I recall hearing about yanked crates, that they remain accessible if they are in an existing Cargo.lock. But nevertheless, as I found and originally mentioned in:
cargo install cargo-graph --locked
Updating crates.io index
Installing cargo-graph v0.3.1
error: failed to compile `cargo-graph v0.3.1`, intermediate artifacts can be found at `/tmp/cargo-installdryLBw`
Caused by:
failed to select a version for the requirement `clap = "~2.11.3"`
candidate versions found which didn't match: 2.33.3, 2.33.2, 2.33.1, ...
location searched: crates.io index
required by package `cargo-graph v0.3.1`
Where https://crates.io/crates/clap/versions shoes yanked-mageddon half way down the page, and for all compatible ~2.11.3 (aka >= 2.11.3, < 2.12). Did the original cargo-graph author's release do something wrong here, to disserve this somehow?
The "publish lockfile" feature is now stable. This feature will automatically include the Cargo.lock file when a package is published if it contains a binary executable target. By default, Cargo will ignore Cargo.lock when installing a package. To force Cargo to use the Cargo.lock file included in the published package, use cargo install --locked . This may be useful to ensure that cargo install consistently reproduces the same result. It may also be useful when a semver-incompatible change is accidentally published to a dependency, providing a way to fall back to a version that is known to work. #7026
Thanks. It would have been nice if my "cargo 1.51.0-nightly (a73e5b7d5 2021-01-12)" was helpful enough to say:
cargo install cargo-graph --locked
Updating crates.io index
Installing cargo-graph v0.3.1
+warning: no Cargo.lock file published in cargo-graph v0.3.1
error: failed to compile `cargo-graph v0.3.1`, intermediate artifacts can be found at `/tmp/cargo-installdryLBw`
Caused by:
failed to select a version for the requirement `clap = "~2.11.3"`
candidate versions found which didn't match: 2.33.3, 2.33.2, 2.33.1, ...
location searched: crates.io index
required by package `cargo-graph v0.3.1`