Building cargo-sane: A Better Way to Manage Rust Dependencies

Have you ever spent hours manually updating dependencies in your Cargo.toml? Copying version numbers from crates.io, wondering which updates are safe, and hoping nothing breaks?

Yeah, me too. That's why I built cargo-sane.

🤔 The Problem

Managing Rust dependencies is tedious:

• You need to check crates.io for each dependency manually
• You don't know which updates are safe (patch? minor? major?)
• Version conflicts are confusing
• One wrong update can break your entire build
• There's no easy way to preview changes

There had to be a better way.

💡 The Solution

I wanted a tool that would:

• ✅ Automatically check all dependencies for updates
• ✅ Categorize updates by risk level
• ✅ Let me choose which ones to update
• ✅ Make backups automatically
• ✅ Preserve my carefully crafted Cargo.toml formatting

So I built cargo-sane.

🚀 What It Does

Smart Dependency Analysis

cargo sane check

This scans your Cargo.toml, hits the crates.io API, and shows you exactly what's available:

🧠 cargo-sane check

📊 Update Summary:
  ✅ Up to date: 3
  🟢 Patch updates available: 5
  🟡 Minor updates available: 2
  🔴 Major updates available: 1

🟢 Patch updates:
  • serde 1.0.195 → 1.0.228
  • anyhow 1.0.89 → 1.0.100

🟡 Minor updates:
  • tokio 1.35.0 → 1.47.2

🔴 Major updates:
  • colored 2.1.0 → 3.0.0

Color-coded by risk:

• 🟢 Green = Patch updates (bug fixes, likely safe)
• 🟡 Yellow = Minor updates (new features, should be safe)
• 🔴 Red = Major updates (breaking changes, be careful!)

Interactive Updates

cargo sane update

This opens a beautiful TUI where you can:

• Select which dependencies to update (spacebar to toggle)
• See exactly what will change
• Preview before applying

And it:

• Creates automatic backups (Cargo.toml.backup)
• Preserves your formatting and comments
• Works with all Cargo.toml formats

# Simple format
serde = "1.0"

# Detailed format with features
tokio = { version = "1.35", features = ["full"] }

# Optional dependencies
clap = { version = "4.5", optional = true }

# Comments are preserved!
regex = "1.11"  # For pattern matching

🛠️ How I Built It

Tech Stack

• Language: Rust (obviously!)
• CLI Framework: clap for argument parsing
• HTTP Client: reqwest for crates.io API
• Version Parsing: semver
• TUI: dialoguer for interactive prompts
• Pretty Output: colored + indicatif

Key Challenges

1. Parsing Cargo.toml

Cargo.toml has many formats:

serde = "1.0"
tokio = { version = "1.35", features = ["full"] }
clap = { version = "4.5", optional = true }

I used the toml crate to parse, then created a custom Manifest struct to handle all variants.

2. Updating While Preserving Format

The tricky part: updating versions WITHOUT destroying formatting and comments.

Solution: Use regex to find and replace only the version string:

let pattern = format!(
    r#"(?m)^(\s*{}\s*=\s*\{{\s*version\s*=\s*")([^"]+)(")"#,
    regex::escape(dep_name)
);

let new_content = re.replace(&content, |caps: &regex::Captures| {
    format!("{}{}{}", &caps[1], new_version, &caps[3])
});

This preserves everything except the version number itself.

3. Concurrent API Calls

Checking 50+ dependencies one-by-one would be slow. Solution: concurrent requests with progress bars:

use indicatif::ProgressBar;

let pb = ProgressBar::new(deps.len() as u64);

for (name, spec) in deps {
    pb.set_message(format!("Checking {}", name));
    // Fetch from crates.io API
    pb.inc(1);
}

📊 Results

After publishing to crates.io, the response has been amazing:

• Published just hours ago
• Already seeing downloads
• Great feedback on design and UX
• Ideas for new features flooding in

🎯 What's Next

Future features I'm planning:

• Conflict Resolution: Automatically fix version conflicts
• Security Scanning: RustSec integration for vulnerability checks
• Unused Dependencies: Detect and remove unused crates
• Workspace Support: Handle multi-crate workspaces
• CI/CD Integration: GitHub Actions support

🚀 Try It Yourself

cargo install cargo-sane

cd your-rust-project
cargo sane check
cargo sane update

Links:

• 📦 Crates.io
• 💻 GitHub

💭 Lessons Learned

Building cargo-sane taught me:

1. Good UX matters in CLI tools - Color coding and progress bars make a huge difference
2. Start simple - MVP first, then iterate based on feedback
3. Preserve user data - Automatic backups = peace of mind
4. Documentation is crucial - Good README = more users
5. Community feedback is gold - Listen to your users

🤝 Want to Contribute?

cargo-sane is open source! PRs welcome:

• 🐛 Found a bug? Open an issue
• 💡 Have an idea? Let's discuss it
• 🔧 Want to contribute? Fork and PR

---

What do you think? Would you use cargo-sane? What features would you want to see?

Drop a comment below! 👇

---

Made with ❤️ by Rust developers, for Rust developers.