It would be great if dependencies in Cargo.toml could be marked as 'private', indicating that they mustn't be used in the public interface of that library. I'd see the following benefits:
- For a library user, any version of that dependency could be used. Cargo mustn't agree to a specific version with other dependents and could use the latest available which might already have received a patch another dependency holds back.
- Help library users to evaluate the impact of that library in the project or one of its dependencies. For example: If the Image crate is referenced internally only in a library, I'd use it. But it might be a showstopper if it doesn't allow me to use the latest version of Image in my project anymore.
- As a library author, I want some dependencies to remain replaceable. Authors can avoid accidentally using a type defined in dependencies in the public API.
I'd use this marker for most crates like itertools, lazy_static, once_cell, thiserror, rand, or crates which just provide proc-macros. Looking far into the future, the next Rust edition should expect all dependencies to be private if not actively marked public.
What do you think about this idea?