I have a library and want to make sure that none of the dependencies in my dependency-tree uses wildcard dependencies. Wildcard dependencies are evil :(
Can I check this recursively with cargo in the command line? Or can I check it manually in Cargo.lock?
EDIT: While crates.io rejects crates with wildcard dependencies since the release of Rust 1.6 (approximately, thanks Steve Klabnik), there are still old crates on crates.io that do have wildcard dependencies. I can upload my own crate that depends on such an old crate. Therefore my crate indirectly also depends on wildcard dependencies. This is what I want to avoid and check for.
I have written a small script that takes the crates.io-index and reads the current information for all packages. If a package has a direct wildcard dependency on another package, there is a line printed in the format crate-name -> wildcard-dependency, another-one.
There are 995 current packages with wildcard dependencies. The list is exhaustive and will only decrease in length if the packages are updated.
You can go manually through all dependencies in your Cargo.lock and check if they are mentioned in the list. Note that you must use the most current version of your dependencies to ensure that you are not depending on an outdated package with wildcard dependencies.
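An added example, not the script from the answer above: it checks the exact versions pinned in a Cargo.lock against crates.io-index entries and prints hits in the same crate -> dependency format. The index lines, the lock file and the function names are constructed for illustration; it goes slightly beyond the answer by matching on the locked version and by skipping dev-dependencies, which Cargo does not resolve for downstream crates.

```python
import json
import re

# Constructed sample in the crates.io-index format: one JSON object per
# published version of a crate. Crate names and versions are made up.
INDEX_LINES = """\
{"name":"old-util","vers":"0.1.0","deps":[{"name":"libc","req":"*","kind":"normal"},{"name":"log","req":"^0.3","kind":"normal"}],"yanked":false}
{"name":"old-util","vers":"0.2.0","deps":[{"name":"libc","req":"^0.2","kind":"normal"}],"yanked":false}
{"name":"tidy","vers":"1.0.0","deps":[{"name":"quickcheck","req":"*","kind":"dev"}],"yanked":false}
"""

# Constructed Cargo.lock excerpt (only the fields this check needs).
CARGO_LOCK = '''\
[[package]]
name = "my-lib"
version = "0.1.0"

[[package]]
name = "old-util"
version = "0.1.0"

[[package]]
name = "tidy"
version = "1.0.0"
'''

def locked_packages(lock_text):
    """Return (name, version) for every [[package]] entry in a Cargo.lock."""
    pat = re.compile(r'\[\[package\]\]\nname = "([^"]+)"\nversion = "([^"]+)"')
    return pat.findall(lock_text)

def wildcard_deps(index_text):
    """Map (crate, version) -> sorted non-dev dependencies required as '*'."""
    found = {}
    for line in index_text.splitlines():
        entry = json.loads(line)
        # Dev-dependencies of a dependency are never built downstream.
        bad = sorted(d["name"] for d in entry["deps"]
                     if d["req"].strip() == "*" and d.get("kind") != "dev")
        if bad:
            found[(entry["name"], entry["vers"])] = bad
    return found

def audit(lock_text, index_text):
    """List locked packages whose pinned version has a wildcard dependency."""
    wild = wildcard_deps(index_text)
    return [f"{n} {v} -> {', '.join(wild[(n, v)])}"
            for n, v in locked_packages(lock_text) if (n, v) in wild]

print("\n".join(audit(CARGO_LOCK, INDEX_LINES)))
```

Packages that are absent from the index data, such as the local crate itself, are skipped rather than reported.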