{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigydnmq564zobbg3nubkgh3z2meibhfkxilus6mik53rhyw2z2ktq",
    "uri": "at://did:plc:ivbknywyskln22er3nkssdhl/app.bsky.feed.post/3mkby2xjwovp2"
  },
  "path": "/t/easily-inspect-dependencies/24200#post_1",
  "publishedAt": "2026-04-25T01:47:54.000Z",
  "site": "https://internals.rust-lang.org",
  "tags": [
    "security issue"
  ],
  "textContent": "Cargo should provide a way for users to trivially find and/or open locally-cached crates. The current UX discourages `cd`ing or `open`ing deps:\n\n\n    # using Rust fmt-str syntax\n    open \".cargo/registry/src/index.crates.io-{HEX_NONSENSE}/{NAME}-{VERSION}/src/foobar.rs\"\n\n\nToday, the only easy way is to use rust-analyzer with goto-def, but that's overkill in many cases, and sometimes prohibitively computationally expensive.\n\nThis isn't just an ergonomics issue, it's a security issue.\n\nI've recently read about `cargo vendor`, but it's not a proper solution, IMO",
  "title": "Easily inspect dependencies"
}