How can I proof read my package before first publish to crates.io?

I see from a discussion several years ago that the idea of having a sandbox crates.io (akin to test.pypi.org) was rejected as:

I'm not sure if a test server is worth the effort

The lack of one is rather intimidating to a new user publishing for the first time.

If I were to send something to a publisher to print on paper, I would expect a "proof copy" that I can double check before the book is printed.

What can I do in the rust world to "proof read" the way my package will be rendered on crates.io without actually publishing first?

I'm particularly interested in:

  • Checking how crates.io will render the README.md
    • There are so many flavours of markdown these days
    • Giving code blocks the right syntax hint is not ubiquitous across markdown rendering
  • Checking the meta-data is correct and with a valid licence identifier
  • Opening up the actual package file and ensuring nothing got included that wasn't supposed to be.
2 Likes

Depending on what you mean by "correct," some of this is done by cargo verify-project, some is done by the server when you try to cargo publish (e.g., if you try to publish a package with an invalid category, the publication will be rejected), and some things (like license identifiers) aren't checked by cargo and must instead be verified by a human, but this last part doesn't require a test server.

This one you can do without a test server. Running cargo package on your code will produce a .crate file (a gzipped tarball) in target/crate/{name}-{version}.crate that you can list the contents of with tar ztf.

1 Like

Or just cargo package --list.

1 Like

I mentioned this one in particular because my first attempt to publish to test.pypi.org resulted in it rejecting the package because the licence identifier was not in the approved list. By saying that this needs to be checked by a human for crates.io, do you mean simply that crates.io can't check the licence identifier matches the licence file? Does it not at least check that the licence identifier matches one on the SPDX license list?

It doesn't check that, and I don't think trying to check that would be a good idea, as there would be either too many false negatives or too many false positives.

This may have changed recently, but crates.io either doesn't or previously didn't enforce SPDX validity. For example, there are a number of crates with a listed license expression of "Apache-2.0/MIT", which should be "Apache-2.0 OR MIT" instead.
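
The two local checks discussed in this thread (listing what went into the .crate file, and spotting the slash-separated license form), as an added example that is not from any of the posters or from the cargo project. It takes the path of the .crate file that cargo package produced; the function names and the deny patterns are assumptions chosen for illustration, and the license check only looks at the separator, not at whether each identifier is on the SPDX list.

```shell
#!/bin/sh
# Added example: audit a .crate file (produced by `cargo package`) before publishing.
# Function names and deny patterns are illustrative assumptions, not a crates.io rule.

# Secret-looking paths that should not ship in a package (assumed list).
DENY='(^|/)(\.env|\.git|\.ssh|id_rsa|id_ed25519|[^/]*\.(pem|key|p12))(/|$)'

# Print packaged paths matching DENY; return 1 if any were found.
audit_crate_files() {
    hits=$(tar -tzf "$1" | grep -E "$DENY" || true)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | sed 's/^/unexpected file: /'
    return 1
}

# Print the license value from the packaged Cargo.toml (empty if absent).
crate_license() {
    # Every path in a .crate starts with "{name}-{version}/".
    top=$(tar -tzf "$1" | sed -n '1s|/.*||p')
    tar -xzOf "$1" "$top/Cargo.toml" | sed -n 's/^license *= *"\(.*\)" *$/\1/p'
}

# Return 1 for the slash form ("Apache-2.0/MIT"), 2 if no license field, else 0.
# Only the separator is checked; identifiers are not compared with the SPDX list.
check_license() {
    lic=$(crate_license "$1")
    case $lic in
        '')  echo 'no license field (license-file may be set instead)'; return 2 ;;
        */*) echo "license \"$lic\" uses \"/\"; write it with OR"; return 1 ;;
        *)   echo "license: $lic"; return 0 ;;
    esac
}

# Usage: sh audit_crate.sh path/to/{name}-{version}.crate
if [ "$#" -eq 1 ]; then
    rc=0
    audit_crate_files "$1" || rc=1
    check_license "$1" || rc=1
    exit "$rc"
fi
```

A non-zero exit status from the script means at least one of the two checks flagged something, so it can gate a publish step in CI.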
