Introduce a cargo command similar to "yarn why"

Yarn has a command that allows you to find a dependency or a sub-dependency in the dependency tree, thereby helping you to find and prune outdated or vulnerable dependencies.

It's output looks like this:

$ yarn why scheduler
yarn why v1.22.5
[1/4] 🤔  Why do we have the module "scheduler"...?
[2/4] 🚚  Initialising dependency graph...
[3/4] 🔍  Finding dependency...
[4/4] 🚡  Calculating file sizes...
=> Found "scheduler@0.18.0"
info Has been hoisted to "scheduler"
info Reasons this module exists
   - Hoisted from "formik#scheduler"
   - Hoisted from "gatsby#gatsby-cli#ink#scheduler"
   - Hoisted from "gatsby#gatsby-cli#ink#react-reconciler#scheduler"
info Disk size without dependencies: "208KB"
info Disk size with unique dependencies: "256KB"
info Disk size with transitive dependencies: "284KB"
info Number of shared dependencies: 3
=> Found "react-dom#scheduler@0.19.1"
info This module exists because "react-dom" depends on it.
info Disk size without dependencies: "204KB"
info Disk size with unique dependencies: "252KB"
info Disk size with transitive dependencies: "280KB"
info Number of shared dependencies: 3
=> Found "gatsby-recipes#scheduler@0.19.1"
info Reasons this module exists
   - "gatsby#gatsby-cli#gatsby-recipes#react-reconciler" depends on it
   - Hoisted from "gatsby#gatsby-cli#gatsby-recipes#react-reconciler#scheduler"
info Disk size without dependencies: "204KB"
info Disk size with unique dependencies: "252KB"
info Disk size with transitive dependencies: "280KB"
info Number of shared dependencies: 3
✨  Done in 1.01s.

I think a similar command would be really helpful to have in cargo. I couldn't find a 3rd party implementation of this, but perhaps I missed it. It might also make sense to have this as a proper cargo feature. WDYT?

There's a cargo audit

1 Like

Although it won't give compiled sizes nor, AFAIK, cross-reference with some security advisories / databases, there is also cargo tree:

cargo tree -i -p scheduler  # to see why you depend on that package
cargo tree -p scheduler  # to see what it depends on
What I think of whenever I see `cargo tree` written somewhere


4 Likes