feat: Add info cargo subcommand

[0xPoe]

close #14081
close #948

fcp #14141 (comment)

This PR added a new info cargo subcommand.

Background

This adds a new subcommand to Cargo, cargo info. This subcommand would allow users to get information about a crate from the command line, without having to go to the web.

The main motivation for this is to make it easier to get information about a crate from the command line. Currently, the way to get information about a crate is to go to the web and look it up on crates.io or find the crate's source code and look at the Cargo.toml file. This is not very convenient, especially not all information is displayed on the crates.io page.
This command also has been requested by the community for a long time. You can find more discussion about this in cargo#948.

Another motivation is to make the workflow of finding and evaluating crates more efficient. In the current workflow, users can search for crates using cargo search, but then they have to go to the web to get more information about the crate. This is not very efficient, especially if the user is just trying to get a quick overview of the crate. This would allow users to quickly get information about a crate without having to leave the terminal.

Example usage:

./target/debug/cargo info clap --verbose
  Credential cargo:token get crates-io
clap #argument #cli #arg #parser #parse
A simple to use, efficient, and full-featured Command Line Argument Parser
version: 4.5.8 (latest 4.5.9)
license: MIT OR Apache-2.0
rust-version: 1.74
documentation: https://docs.rs/clap/4.5.8
repository: https://github.com/clap-rs/clap
crates.io: https://crates.io/crates/clap/4.5.8
features:
 +default         = [std, color, help, usage, error-context, suggestions]
  color           = [clap_builder/color]
  error-context   = [clap_builder/error-context]
  help            = [clap_builder/help]
  std             = [clap_builder/std]
  suggestions     = [clap_builder/suggestions]
  usage           = [clap_builder/usage]
  cargo           = [clap_builder/cargo]
  debug           = [clap_builder/debug, clap_derive?/debug]
  deprecated      = [clap_builder/deprecated, clap_derive?/deprecated]
  derive          = [dep:clap_derive]
  env             = [clap_builder/env]
  string          = [clap_builder/string]
  unicode         = [clap_builder/unicode]
  unstable-doc    = [clap_builder/unstable-doc, derive]
  unstable-styles = [clap_builder/unstable-styles]
  unstable-v5     = [clap_builder/unstable-v5, clap_derive?/unstable-v5, deprecated]
  wrap_help       = [clap_builder/wrap_help]
dependencies:
 +clap_builder@=4.5.8
  clap_derive@=4.5.8
owners:
  kbknapp (Kevin K.)
  github:rust-cli:maintainers (Maintainers)
  github:clap-rs:admins (Admins)
note: to see how you depend on clap, run `cargo tree --invert --package clap@4.5.8`

note: this is showing the --verbose output to show every thing the user can possibly see. Normal operation does not include

• dependencies

Detailed design

Content	Explanation	Why
clap	Name	The basic information.
#argument #cli #arg #parser #parse	Keywords (clickable)	It's more like a category, which you can use to search for relevant alternatives.
A simple to use, efficient, and full-featured Command Line Argument Parser	Description	The basic information.
version: 4.5.8 (latest 4.5.9)	Version	The basic information.
license: MIT OR Apache-2.0	License	When choosing a crate, it is crucial to consider the license.
rust-version: 1.74	MSRV	When choosing a crate, it is crucial to make sure it can work with your MSRV.
documentation: https://docs.rs/clap/4.5.8	Documentation Link	Use these links can find more docs and information.
repository: https://github.com/clap-rs/clap	Repo Link	Use these links can find more docs and information.
crates.io: https://crates.io/crates/clap/4.5.8	crates.io Link	Use these links can find more docs and information.
features:	Default Features And Other Features	It helps for enabling features.
dependencies:	All dependencies	It indicates what it depends on.
owners:	Owners	It indicates who maintains the crate.
note: to see how you depend on clap, run cargo tree --invert --package clap@4.5.8	A note for cargo tree command	It will prompt the user that the package is depended on under the workspace, and the dependencies can be viewed using the cargo tree command.

Rendering features

• For features enabled by users, a + prefix and colored output are now used for better visibility.
• For features enabled automatically, colored output is used to distinguish them.
• For disabled features, non-colored output is used to clearly indicate their status.

Rendering deps

Only show dependencies in verbose mode.

• For dependencies required by the package, a + prefix and colored output are now used for better visibility.
• For dependencies that are optional and activated, colored output is used to distinguish them.
• For dependencies that are optional and not activated, non-colored output is used to clearly indicate their status.

Some important notes

Downloading the crate from any Cargo compatible registry

The cargo info command will download the crate from any Cargo compatible registry. It will then extract the information from the Cargo.toml file and display it in the terminal.

If the crate is already in the local cache, it will not download the crate again. It will get the information from the local cache.

Pick the correct version from the workspace

When executed in a workspace directory, the cargo info command chooses the version that the workspace is currently using.

If there's a lock file available, the version from this file will be used. In the absence of a lock file, the command attempts to select a version that is compatible with the Minimum Supported Rust Version (MSRV). And the lock file will be generated automatically.

The following hierarchy is used to determine the MSRV:

• First, the MSRV of the parent directory package is checked, if it exists.
• If the parent directory package does not specify an MSRV, the minimal MSRV of the workspace is checked.
• If neither the workspace nor the parent directory package specify an MSRV, the version of the current Rust compiler (rustc --version) is used.

Prior art

NPM

npm has a similar command called npm info.
For example:

$ npm info lodash

lodash@4.17.21 | MIT | deps: none | versions: 114
Lodash modular utilities.
https://lodash.com/

keywords: modules, stdlib, util

dist
.tarball: https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz
.shasum: 679591c564c3bffaae8454cf0b3df370c3d6911c
.integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==
.unpackedSize: 1.4 MB

maintainers:
- mathias <mathias@qiwi.be>
- jdalton <john.david.dalton@gmail.com>
- bnjmnt4n <benjamin@dev.ofcr.se>

dist-tags:
latest: 4.17.21

published over a year ago by bnjmnt4n <benjamin@dev.ofcr.se>

Poetry

Poetry has a similar command called poetry show.

For example:

$ poetry show pendulum

name        : pendulum
version     : 1.4.2
description : Python datetimes made easy

dependencies
 - python-dateutil >=2.6.1
 - tzlocal >=1.4
 - pytzdata >=2017.2.2

required by
 - calendar >=1.4.0

insta-stable

As @weihanglo mentioned in #14141 (comment), commands that shadow third-party commands tend to be insta-stabilized to avoid an intermediate period where users can't access the third-party command (built-ins get priority) nor the built-in command (requires nightly)

For the cargo-info command, there are two commands that this would shadow

• cargo-information: hasn't been around too long and only has 4k downloads
• cargo-info : been around longer and has 63k downloads

We might be able to get away with having this unstable but starting from the assumption of insta-stabilization.

[rustbot]

r? @epage

rustbot has assigned @epage.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

[weihanglo]

I remembered last time when we imported new commands we insta-stablized them (cargo-add and cargo-remove) because built-in commands shadow external ones, making them unusable.

If the Cargo team are happy with making this a built-in command, I suppose we could do the same thing.

[0xPoe]

You might also want to add cargo-info to src/doc/man/cargo.md. See #14339.

Added. Thank you!

[rfcbot]

The final comment period, with a disposition to merge, as per the review above, is now complete.

As the automated representative of the governance process, I would like to thank the author for their work and everyone else who contributed.

This will be merged soon.

[0xPoe]

@epage @weihanglo I guess this PR is ready to merge. Could you please help merge it when you have time? If there is anything I need to update, please let me know.
Thanks for your review! 💚 💙 💜 💛 ❤️

@epage Thank you for guiding me in this work, I really appreciate it. Thank you for all your time.

[weihanglo]

I didn't look too closer to the implementation. That seems pretty solid. Thank you hi-rustin!

[weihanglo]

How do we override the local query with registry query? This guide doesn't talk about that. Should we mention it or put an example for this use case?

[0xPoe]

You can specify a specific version(a different version) or you need to check it out of the workspace. I guess it's okay to not mention it. I believe checking it out of the workspace is quite straightforward.

[weihanglo]

I understand that we handle duplicate package by max_by regardless MSRV of globally maximum. Should we have something reminding user when a query is ambiguous?

[0xPoe]

I'm not sure if we should mention this detail here. From the start, I provided all the details about how we select a package, but Ed thought it was too detailed. He believes it might create more work if we want to change these implementation details.

[ehuss]

I tried giving this a spin, and was very surprised to find that it was requesting my token for crates.io. Is there a reason it must do that? That seems like it will be a bad user experience if someone needs to enter a password or use a biometric or hardware key in order to use this command.

[0xPoe]

I tried giving this a spin, and was very surprised to find that it was requesting my token for crates.io. Is there a reason it must do that? That seems like it will be a bad user experience if someone needs to enter a password or use a biometric or hardware key in order to use this command.

I will take a look. It shouldn't require it. I remember I fixed it in my previous local test.

[0xPoe]

I tested it locally:

❯ ./target/debug/cargo logout
      Logout token for `crates-io` has been removed from local storage
note: This does not revoke the token on the registry server.
    If you need to revoke the token, visit <https://crates.io/me> and follow the instructions there.

cargo on  rustin-patch-info is 📦 v0.83.0 via 🐍 v3.12.4 via 🦀 v1.82.0-nightly 
❯ ./target/debug/cargo info serde  
serde #serde #serialization #no_std
A generic serialization/deserialization framework
version: 1.0.204
license: MIT OR Apache-2.0
rust-version: 1.31
documentation: https://docs.rs/serde
homepage: https://serde.rs
repository: https://github.com/serde-rs/serde
crates.io: https://crates.io/crates/serde/1.0.204
features:
 +default      = [std]
  std          = []
  alloc        = []
  derive       = [serde_derive]
  rc           = []
  serde_derive = [dep:serde_derive]
  unstable     = []
note: to see how you depend on serde, run `cargo tree --invert --package serde@1.0.204`

It seemed it doesn't require it.

[0xPoe]

🔢 Self-check (PR reviewed by myself and ready for feedback.)

[epage]

I also logged out and couldn't reproduce.

As we develop reproduction steps, we can iterate from there.

@bors r+

[bors]

📌 Commit ba07215 has been approved by epage

It is now in the queue for this repository.

[bors]

⌛ Testing commit ba07215 with merge f3fee6d...

[bors]

☀️ Test successful - checks-actions
Approved by: epage
Pushing f3fee6d to master...

[bors]

☀️ Test successful - checks-actions
Approved by: epage
Pushing f3fee6d to master...

[bors]

👀 Test was successful, but fast-forwarding failed: 422 Changes must be made through a pull request.

[ehuss]

Opened #14409 regarding the authentication problem.