Cargo:: only BSD/MIT, no GPL crates

For commercial uses of Rust, is there a way to tell Cargo:

  • only use BSD/MIT crates
  • never use GPL crates

It is easy to check individual crates, but it's not clear what dependencies the crates I use pulls in.


You could use, you’d have to wrap it in a small script to check the output though.


Here's a small script:

Goes by white list, and reports all crates that don't have a matching white listed license.


@azriel91 , @steveklabnik : Excellent suggestions. Thanks!

Gentoo has an ACCEPT_LICENSE allow-list (/etc/portage/make.conf - Gentoo Wiki); it'd be neat for cargo to have something similar.

For curiosity sake, would love to know the reason behind this move.

I have a similar policy (although I think I'm currently using an LGPL based crate in one project that I need to replace). I do so because I don't want to have to deal with the additional restrictions GPL adds. I have yet to actually distribute pre-compiled binaries for any project, but if I do then I don't want that to force me to do anything. For libraries I then consider it from the point of view of someone using it in an application, and don't want my choice of dependencies to cause the same issue for them.

1 Like