Cargo install and lock file


Is this normal behavior that cargo install don’t respect lock file and downloads/compiles newest versions of dependencies? There’s no versions specified in toml file.


Cargo.lock isn’t included in the package uploaded to, so there’s no way for cargo install to use the lockfile for these packages. This feels like a bug, especially because installing the same package using cargo install --git <repo> will correctly use the lockfile.

I filed an issue to for this: