Need clarity on general crate usage

When developing an app:
1- Is there a possibility various crates and their associated version numbers listed as dependencies in Cargo.toml become "broken" in some way so the app fails to compile?

2- If yes to question 1 above, then is the solution to download all currently functional crates?

3- If yes to question 2 above, then I suppose they would no longer be listed in Cargo.toml, so how would I access them in the code?

If all the dependencies are from crates.io, as long as the Cargo.lock remains in place, this should not be the problem. If Cargo.lock is removed, there can be a problem if some crate was massively yanked, like here, but it should be easily solvable by just changing the version - it's very unlikely that the author will yank the crate without providing actual version.
If some of your dependencies refer to git, of course, the repository can be deleted by its author at any time. In this case, if you really need this code to be accessible, the simplest thing to do is to make a your own managed fork.

Ok. how do I make a managed fork?

The same as with any other git repository.

If it is on github just go to the repositories front page on github and hit the "fork" button. Now you have your own fork on github and can manage it how you like.

@Cerberuser hinted at, but never said in so many words: crates.io promises to never delete a crate unless they absolutely have to.

https://crates.io/policies#removal

You would use cargo-vendor. You shouldn't need to worry about crates being arbitrarily deleted, but if you want to be able to build your code with no internet connection, it's handy.

The cargo vendor facility doesn't technically require your Cargo.toml to change. Instead, you change the .cargo/config.toml file.

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.