
Exclude development scripts from published package #70

Open
weiznich wants to merge 1 commit into briansmith:main from GiGainfosystems:exclude_scripts

Conversation

@weiznich

During a dependency review we noticed that the untrusted crate includes various development scripts. These development scripts shouldn't be there as they might, at some point, become problematic. As of now they prevent any downstream user from enabling the `[bans.build.interpreted]` option of cargo deny.

I opted for using an explicit include list instead of an exclude list to prevent these files from being included in the published packages to make sure that everything that's included is a conscious choice.

Cargo.toml Outdated
readme = "README.md"
repository = "https://github.com/briansmith/untrusted"
version = "0.9.0"
include = ["Cargo.toml", "README.md", "LICENSE.txt", "src/**/*.rs"]
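Review bot: the `src/**/*.rs` entry in the new `include` line matches only Rust sources, so any non-`.rs` file later added under `src/` (for example data pulled in with `include_str!` or `include_bytes!`) would be left out of the packaged crate, and the omission would show up only when the package is built from the tarball, not in a normal `cargo build` or `cargo test` of the checkout. Consider adding a CI step that runs `cargo package --list` and compares the output with an expected file list, so every change to the published file set is reviewed explicitly. The `"Cargo.toml"` entry is harmless but redundant, since Cargo always packages the manifest.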
Owner

I think we should include tests/ as well, at least until we have a better way of packaging the tests (in their own crate) for people who want to run dependencies' tests in their own CI. WDYT?

@weiznich (Author), Dec 16, 2025

I added the tests directory as well.

I personally prefer it to be excluded as almost all users won't use it, but again it doesn't hurt having it here.

weiznich commented Feb 3, 2026

@briansmith Did the update address your concern? Is there anything needed from my side to get this merged?
