cargo-shed 0.1.0 flags risky Rust dependencies without compiling projects

cargo-shed 0.1.0 landed as a new way to clean up Rust dependencies before a build ever starts. The first public release, published on June 18, scanned Cargo.toml, Cargo.lock, and Rust files under src/ and tests/ while avoiding compilation, build scripts, and project code execution entirely.

That design shaped the tool’s pitch. Instead of guessing, cargo-shed tried to make cleanup explainable by pairing every warning with a problem, a reason, evidence, and a suggested action. The project’s GitHub README said it reported dependency choices that could raise compile time, increase binary size, or add manifest maintenance cost.

The initial rule set went straight after the kinds of dependency drift that show up in real Rust codebases. It could flag a tokio-full dependency that pulled in too much surface area, a reqwest setup that left default features enabled, unused crates such as chrono when source scanning suggested they were not referenced, duplicate versions, and heavy crates worth revisiting. The release example showed scored findings with severity labels and direct remediation commands, including cargo shed fix tokio-full and cargo shed fix unused-dependency:chrono.

The maintainer kept the first release conservative. Fixes in 0.1.0 created backups before writing, and ambiguous cases were reported instead of silently changing a manifest. That makes the tool fit the kind of cleanup pass Rust teams can run with less fear than a blunt auto-remover, especially when a workspace has grown messy over time and feature flags, transitive versions, and convenience defaults have piled up.

cargo-shed arrived in a lane the Rust ecosystem already recognized as important. Cargo’s build-performance guide recommends periodically reviewing unused dependencies with third-party tools such as cargo-machete, cargo-udeps, and cargo-shear. cargo-udeps can compile on stable but needs nightly to actually run, while cargo-machete is described as a fast but imprecise unused-dependency detector. cargo-shed aimed to sit between those approaches, using static analysis to stay quick and conservative while still giving developers evidence they can inspect.

That mix of speed, restraint, and explainability is what makes cargo-shed notable. A Cargo subcommand that can point to a risky dependency, show why it matters, and suggest a safe next step turns dependency hygiene into a routine maintenance pass instead of a risky guessing game.