`cargoAudit` check fails silently #841

eureka-cpu · 2025-03-24T16:58:14Z

eureka-cpu
Mar 24, 2025

Describe the bug

I just realized while going through #817 that the cargo-audit check seems to just fail without throwing an error. With the wrapper script that greps for warning|error in #817 and doCheck enabled, I can get it to fail, however it spits out some errors that seem to be related to the command line flags passed to cargo-audit:

$ nix build .\#sec.x86_64-linux.audit -L                                                                                              [9:47:04]
crate-audit> cargoVendorDir not set, will not automatically configure vendored sources
crate-audit> cargoArtifacts not set, will not reuse any cargo artifacts
crate-audit> Running phase: unpackPhase
crate-audit> unpacking source archive /nix/store/ih2jqkh4rgmbgmyhbryxc57yksqz5z8q-source
crate-audit> source root is source
crate-audit> Running phase: patchPhase
crate-audit> Executing configureCargoCommonVars
crate-audit> Running phase: updateAutotoolsGnuConfigScriptsPhase
crate-audit> Running phase: configurePhase
crate-audit> default configurePhase, nothing to do
crate-audit> Running phase: buildPhase
crate-audit> +++ command cargo --version
crate-audit> cargo 1.85.1 (d73d2caf9 2024-12-31)
crate-audit> +++ command cargo audit -n -d /nix/store/b9px6aqw5ic3sj01ngia01bqmx03xkfm-source --ignore yanked
crate-audit>       Loaded 745 security advisories (from /nix/store/b9px6aqw5ic3sj01ngia01bqmx03xkfm-source)
crate-audit>     Scanning Cargo.lock for vulnerabilities (242 crate dependencies)
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: RustyXML
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: addr2line
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: adler2
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: anyhow
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: async-channel
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: async-lock
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: async-trait
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: autocfg
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: azure_core
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: azure_storage
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: azure_storage_blobs
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: azure_svc_blobstorage
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: backtrace
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: base64
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: base64
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: bitflags
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: bitflags
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: block-buffer
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: bumpalo
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: bytes
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: c_str_macro
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: cc
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: cfg-if
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: concurrent-queue
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: core-foundation
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: core-foundation-sys
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: cpufeatures
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: crossbeam-utils
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: crypto-common
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: darling
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: darling_core
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: darling_macro
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: deranged
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: digest
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: displaydoc
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: dyn-clone
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: errno
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: event-listener
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: event-listener
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: event-listener-strategy
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: fastrand
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: fastrand
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: fnv
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: foreign-types
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: foreign-types-shared
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: form_urlencoded
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: futures
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: futures-channel
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: futures-core
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: futures-executor
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: futures-io
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: futures-lite
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: futures-macro
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: futures-sink
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: futures-task
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: futures-util
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: generic-array
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: getrandom
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: getrandom
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: getrandom
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: gimli
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: hmac
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: http
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: http-body
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: http-body-util
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: http-types
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: httparse
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: hyper
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: hyper-tls
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: hyper-util
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: icu_collections
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: icu_locid
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: icu_locid_transform
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: icu_locid_transform_data
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: icu_normalizer
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: icu_normalizer_data
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: icu_properties
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: icu_properties_data
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: icu_provider
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: icu_provider_macros
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: ident_case
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: idna
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: idna_adapter
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: infer
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: instant
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: ipnet
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: itoa
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: js-sys
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: lazy_static
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: libc
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: libloading
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: linux-raw-sys
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: litemap
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: log
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: md5
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: memchr
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: mime
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: miniz_oxide
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: mio
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: native-tls
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: num-conv
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: num-traits
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: object
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: once_cell
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: openssl
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: openssl-macros
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: openssl-probe
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: openssl-sys
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: parking
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: paste
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: percent-encoding
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: pin-project
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: pin-project-internal
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: pin-project-lite
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: pin-utils
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: pkg-config
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: powerfmt
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: ppv-lite86
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: proc-macro2
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: quick-xml
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: quote
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: r-efi
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: rand
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: rand
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: rand_chacha
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: rand_chacha
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: rand_core
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: rand_core
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: rand_hc
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: reaper-low
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: reaper-macros
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: reqwest
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: rustc-demangle
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: rustc_version
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: rustix
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: rustls-pemfile
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: rustls-pki-types
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: rustversion
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: ryu
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: schannel
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: security-framework
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: security-framework-sys
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: semver
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: serde
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: serde_derive
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: serde_json
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: serde_qs
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: serde_urlencoded
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: sha2
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: shlex
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: slab
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: smallvec
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: socket2
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: stable_deref_trait
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: strsim
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: subtle
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: syn
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: syn
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: sync_wrapper
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: synstructure
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: tempfile
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: thiserror
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: thiserror-impl
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: time
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: time-core
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: time-macros
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: tinystr
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: tokio
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: tokio-macros
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: tokio-native-tls
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: tokio-util
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: tower
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: tower-layer
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: tower-service
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: tracing
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: tracing-attributes
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: tracing-core
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: try-lock
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: typenum
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: unicode-ident
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: url
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: utf16_iter
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: utf8_iter
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: uuid
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: vcpkg
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: version_check
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: vst
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: waker-fn
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: want
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: wasi
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: wasi
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: wasi
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: wasm-bindgen
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: wasm-bindgen-backend
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: wasm-bindgen-futures
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: wasm-bindgen-macro
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: wasm-bindgen-macro-support
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: wasm-bindgen-shared
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: wasm-streams
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: web-sys
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: winapi
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: winapi-i686-pc-windows-gnu
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: winapi-x86_64-pc-windows-gnu
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows-link
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows-registry
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows-result
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows-strings
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows-sys
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows-sys
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows-targets
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows-targets
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows_aarch64_gnullvm
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows_aarch64_gnullvm
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows_aarch64_msvc
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows_aarch64_msvc
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows_i686_gnu
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows_i686_gnu
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows_i686_gnullvm
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows_i686_gnullvm
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows_i686_msvc
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows_i686_msvc
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows_x86_64_gnu
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows_x86_64_gnu
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows_x86_64_gnullvm
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows_x86_64_gnullvm
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows_x86_64_msvc
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: windows_x86_64_msvc
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: wit-bindgen-rt
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: write16
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: writeable
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: yoke
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: yoke-derive
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: zerocopy
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: zerocopy-derive
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: zerofrom
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: zerofrom-derive
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: zerovec
crate-audit> error: couldn't check if the package is yanked: not found: No such crate in crates.io index: zerovec-derive
crate-audit> warning: 2 allowed warnings found
crate-audit> Running phase: checkPhase
crate-audit> Warning:   unmaintained
crate-audit> Warning:   unmaintained
error: builder for '/nix/store/g3d8hi3laap5apwd3ygiqz0qw1iv2k85-crate-audit-0.0.0.drv' failed with exit code 1;

However, if I remove the wrapper script that tries to catch the error it just fails silently and gives no output at all, eg. the check passes without any output.

When I run cargo audit from my terminal, I get some warnings:

$ cargo audit -n --ignore yanked                                                                                                      [9:52:22]
      Loaded 745 security advisories (from /home/eureka/.cargo/advisory-db)
    Scanning Cargo.lock for vulnerabilities (242 crate dependencies)
Crate:     instant
Version:   0.1.13
Warning:   unmaintained
Title:     `instant` is unmaintained
Date:      2024-09-01
ID:        RUSTSEC-2024-0384
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0384
Dependency tree:
instant 0.1.13
└── fastrand 1.9.0
    └── futures-lite 1.13.0
        └── http-types 2.12.0
            └── azure_core 0.21.0
                ├── file_system 0.1.0
                │   └── cloud_reaper_daemon 0.1.0
                ├── azure_svc_blobstorage 0.21.0
                │   └── azure_storage_blobs 0.21.0
                │       └── file_system 0.1.0
                ├── azure_storage_blobs 0.21.0
                └── azure_storage 0.21.0
                    ├── file_system 0.1.0
                    └── azure_storage_blobs 0.21.0

Crate:     paste
Version:   1.0.15
Warning:   unmaintained
Title:     paste - no longer maintained
Date:      2024-10-07
ID:        RUSTSEC-2024-0436
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0436
Dependency tree:
paste 1.0.15
└── azure_core 0.21.0
    ├── file_system 0.1.0
    │   └── cloud_reaper_daemon 0.1.0
    ├── azure_svc_blobstorage 0.21.0
    │   └── azure_storage_blobs 0.21.0
    │       └── file_system 0.1.0
    ├── azure_storage_blobs 0.21.0
    └── azure_storage 0.21.0
        ├── file_system 0.1.0
        └── azure_storage_blobs 0.21.0

warning: 2 allowed warnings found

Reproduction

I'm using the workspace template, and my crane/advisory version is latest as of yesterday since I just ran nix flake update.

init a new flake from workspace template
add a crate with some unmaintained crates, in my case azure_core
nix flake check (passes)
cargo audit (shows unmaintained crates)
cargo deny check bans licenses sources (passes since it doesn't include advisories, fails if you add advisories)

Answered by ipetkov

Apr 4, 2025

Hi @eureka-cpu thanks for the report!

The default behavior of cargoAudit is to call cargo audit -n -d ${advisory-db} --ignore yanked, so if you want it to actually fail on unmaintained crates you'd need to set cargoAuditExtraArgs = "--ignore yanked --deny unmaintained"; (for example).

As for the yanked warnings

error: couldn't check if the package is yanked: not found:

The last time I looked into it there wasn't a way to tell cargo-audit to not try updating the crates.io index to look for yanked crates; it tries anyway and fails (since the Nix derivation is running inside of the sandbox). I was hoping that --ignore yanked would suppress the spammy warnings, but if anyone finds a way to…

View full answer

ipetkov · 2025-04-04T02:13:20Z

ipetkov
Apr 4, 2025
Maintainer

Hi @eureka-cpu thanks for the report!

The default behavior of cargoAudit is to call cargo audit -n -d ${advisory-db} --ignore yanked, so if you want it to actually fail on unmaintained crates you'd need to set cargoAuditExtraArgs = "--ignore yanked --deny unmaintained"; (for example).

As for the yanked warnings

error: couldn't check if the package is yanked: not found:

The last time I looked into it there wasn't a way to tell cargo-audit to not try updating the crates.io index to look for yanked crates; it tries anyway and fails (since the Nix derivation is running inside of the sandbox). I was hoping that --ignore yanked would suppress the spammy warnings, but if anyone finds a way to do that I'd be happy to apply the solution

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

`cargoAudit` check fails silently #841

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

cargoAudit check fails silently #841

Uh oh!

Uh oh!

eureka-cpu Mar 24, 2025

Replies: 1 comment

Uh oh!

ipetkov Apr 4, 2025 Maintainer

`cargoAudit` check fails silently #841

eureka-cpu
Mar 24, 2025

ipetkov
Apr 4, 2025
Maintainer