-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Command for introspecting on the index #11034
Comments
@kornelski thought it'd be good to get your input on this |
"lists crate names" is one of the most commonly requested API (used for auto complete in cargo.toml), unfortunately the first release of sparse registries is unlikely to have a way to list all crate names. Similarly, the perfectly reasonable action "update the index" does not have clear semantics under the first version of sparse registries. |
This is part of the challenge we'll have to navigate between the two types of registries and the fact that the API is stateless (can't know about prior runs). For a git registry, we need an explicit update operation so that future commands can be run in offline mode or else the command's could be too slow. For a sparse registry, the update operation is unneeded but each of the following commands needs to run without offline mode so they can update the registry as needed. |
The CLI api could have cargo index-api --update "serde,rand@0.7,tokio" cargo index-api --crate serde This could return the entire JSON file from the index, which includes all information for all the versions. This way you wouldn't need granular commands for working with individual versions, selecting if they're yanked or not, etc. |
I am concerned about programmatic API. For native Rust programs a CLI interface is cumbersome and slow when querying many crates. However, |
Mostly and is a good idea. The one case I can think of that this would still fall flat for is if you were to implement something like the resolver where you need to get the information from one crate to then know what further crates to look up.
We are limping along with cargo-metadata. How frequent is it that a caller is doing a lot of queries? I'm not familiar enough with all of the use cases to really say.
I would consider the independent crate is a successful fairly. Successful in that it is working enough to show the need but otherwise it is missing a lot of functionality and the maintainers have been passing the buck on resolving some of these (authentication). As for cargo splitting out a crate, a couple of things that we might run into
|
Sparse index does a greedy fetch, so if you ask it to update
For example tools may want to scan every dependency you have in your project, and if that's a recursive scan, that can be hundreds of queries. |
Are you saying it does today or that you propose the command should do a recursive fetch? In the cases where I've been using |
I don't know if this is actually relevant to this discussion, but the current implementation of sparse indexes does not have to do a greedy fetch. It ends up doing waves. It resolves based on everything it currently knows about, using a stub dependency for things not yet fetched. (This lets it skip unused features.) It then looks at the result and requests all of the packages that have been stubbed out, and redoes resolution. Of course the current implementation uses internal APIs. If you wanted to reimplement it over this CLI, it could be done with "only" the depth of the dependency tree calls. Thinking about building an outside tool to do resolution based on this CLI, it would be really helpful if it didn't just take registries but also sources. I.E. if I have a git dependency I may also want to be able to find out what version is there, what its dependencies are, and find out where it was extracted. |
If you wanted to reimplement something like @Eh2406 It's nice that it's integrated with the resolver! When I wrote the RFC I assumed this would be difficult, so I suggested greedy fetch approach that first fetches everything without resolving exact versions, so that the precise resolver can later run offline, and safely assume it already has all files it needs. Anyway, even if the implementation proper is smart enough to be conservative, the tooling-oriented CLI can still be fetching all versions with all features for all platforms. I'd just provide a separate switch for updating with dev deps. It will be some extra overhead, but I don't expect too much, especially that these crates are cached, so it'll be mostly one-time cost of a few usual suspects like winapi and redox_syscall. In any case it will be less than the full git index :) |
What would be use-cases for listing all crates? I need it in https://lib.rs, but I also need all the crate metadata, so for this the git index works better.
Would it be useful to list all the crates currently in the cache? |
Listing all crates can be useful for #10655
I believe cargo has everything it needs for |
As noted in the issue I don't think typosquatting can be handled client-side. You can detect similar names, but the index lacks the information required to decide which of the similar names is the right one, and without that you may end up hurting users by recommending squatted crates when they correctly add good ones. |
I have a usecase which doesn't need recursive querying and would prefer to have |
Problem
Cargo does not prioritize rust APIs but instead CLI plumbing, like cargo-metadata, for APIs to be built, like cargo_metadata.
Currently, there is no CLI plumbing for the index and the rust API hole is being fulfilled by crates-index which has its own set of issues (not fully implementing cargos logic, not implementing auth, no cli fallback, etc).
Soon, there will be sparse registries. While crates.io might continue to support git, alternative registries might not.
Proposed Solution
Create a command that provides a way to query the index
Strawman sketch
The main challenge will be an API that works well for both git and sparse registries as they have different network connection models.
Notes
No response
The text was updated successfully, but these errors were encountered: