Expand description

Obtains the dependency list from a compiled Rust binary by parsing its panic messages. Recovers both crate names and versions.

Caveats

  • If the crate never panics, it will not show up. The Rust compiler is very good at removing unreachable panics, so we can only discover at around a half of all dependencies.
  • C code such as openssl-src never shows up, because it can’t panic.
  • Only crates installed from a registry are discovered. Crates from local workspace or git don’t show up.

Alternatives

cargo auditable embeds the complete dependency information into binaries, which can then be recovered using auditable-info. It should be used instead of quitters whenever possible, unless you’re specifically after panics.

Functions

Obtains the dependency list from a compiled Rust binary by parsing its panic messages.