TypeDialog/docs/DEPENDENCIES.md

# TypeDialog Dependencies

## Direct Dependencies (by crate)

### typedialog-core

Core library dependencies:

**Serialization & Data**
- serde 1.0 (Apache-2.0 OR MIT)
- serde_json 1.0 (Apache-2.0 OR MIT)
- serde_yaml 0.9 (Apache-2.0 OR MIT)
- toml 0.9 (Apache-2.0 OR MIT)

**Error Handling**
- anyhow 1.0 (Apache-2.0 OR MIT)
- thiserror 2.0 (Apache-2.0 OR MIT)

**Date/Time**
- chrono 0.4 (Apache-2.0 OR MIT)

**Async**
- tokio 1 (MIT)
- async-trait 0.1 (Apache-2.0 OR MIT)
- futures 0.3 (Apache-2.0 OR MIT)

**Templating (optional)**
- tera 1.20 (MIT)

**i18n (optional)**
- fluent 0.17 (Apache-2.0)
- fluent-bundle 0.16 (Apache-2.0)
- unic-langid 0.9 (Apache-2.0 OR MIT)
- sys-locale 0.3 (Apache-2.0 OR MIT)
- dirs 6.0 (Apache-2.0 OR MIT)

**CLI Backend (optional)**
- inquire 0.9 (MIT)
- dialoguer 0.12 (MIT)
- rpassword 7.4 (Apache-2.0)

**TUI Backend (optional)**
- ratatui 0.29 (MIT)
- crossterm 0.29 (MIT)
- atty 0.2 (MIT)

**Web Backend (optional)**
- axum 0.8.7 (MIT)
- tower 0.5.2 (MIT)
- tower-http 0.6.8 (MIT)
- tracing 0.1 (MIT)
- tracing-subscriber 0.3 (MIT)

**Utilities**
- tempfile 3.23 (Apache-2.0 OR MIT)

### typedialog (CLI)

Direct dependencies:
- typedialog-core 0.1.0 (MIT)
- clap 4.5 (Apache-2.0 OR MIT) - CLI argument parsing
- anyhow 1.0 (Apache-2.0 OR MIT)
- serde_json 1.0 (Apache-2.0 OR MIT)
- tokio 1.0 (MIT)
- toml 0.9 (Apache-2.0 OR MIT)
- unic-langid 0.9 (Apache-2.0 OR MIT)

### typedialog-tui (TUI)

Direct dependencies:
- typedialog-core 0.1.0 (MIT)
- clap 4.5 (Apache-2.0 OR MIT)
- anyhow 1.0 (Apache-2.0 OR MIT)
- serde_json 1.0 (Apache-2.0 OR MIT)
- tokio 1.0 (MIT)
- unic-langid 0.9 (Apache-2.0 OR MIT)

### typedialog-web (Web)

Direct dependencies:
- typedialog-core 0.1.0 (MIT)
- clap 4.5 (Apache-2.0 OR MIT)
- anyhow 1.0 (Apache-2.0 OR MIT)
- serde_json 1.0 (Apache-2.0 OR MIT)
- tokio 1.0 (MIT)
- unic-langid 0.9 (Apache-2.0 OR MIT)

---

## Transitive Dependencies

Total: **286 dependencies** across all features.

### License Distribution

| License | Count |
|---------|-------|
| Apache-2.0 OR MIT | 190 |
| MIT | 66 |
| Apache-2.0 | 3 |
| MIT OR Unlicense | 7 |
| Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT | 7 |
| Other | 13 |

---

## License Compatibility

All dependencies are compatible with the **MIT License**:

- ✓ **Permissive licenses** (MIT, Apache-2.0, BSD-3-Clause, Zlib, MPL-2.0)
- ✓ **Weak copyleft** (LGPL-2.1-or-later, MPL-2.0)
- ✓ **Public domain** (Unlicense, Unicode-3.0)

---

## Files

- `LICENSE.md` - Full dependency license attribution
- `SBOM.spdx.json` - Software Bill of Materials (SPDX 2.3 format)
- `SBOM.cyclonedx.json` - Software Bill of Materials (CycloneDX 1.4 format)
- `Cargo.lock` - Locked dependency versions for reproducibility

---

## Security Considerations

### No Unsafe Code

The workspace forbids `unsafe` code:
```toml
[workspace.lints.rust]
unsafe_code = "forbid"
```

### Dependency Auditing

Run security audit:
```bash
cargo audit
```

Review dependency tree:
```bash
cargo tree --depth=2
```

### SBOM Usage

SBOMs can be used with:
- **SPDX format** - CycloneDX tools, GitHub Dependabot, SPDX validators
- **CycloneDX format** - Software composition analysis tools, vulnerability scanners

---

Generated: 2024-12-17
chore: add docs 2025-12-18 01:10:29 +00:00			`# TypeDialog Dependencies`

			`## Direct Dependencies (by crate)`

			`### typedialog-core`

			`Core library dependencies:`

			`Serialization & Data`
			`- serde 1.0 (Apache-2.0 OR MIT)`
			`- serde_json 1.0 (Apache-2.0 OR MIT)`
			`- serde_yaml 0.9 (Apache-2.0 OR MIT)`
			`- toml 0.9 (Apache-2.0 OR MIT)`

			`Error Handling`
			`- anyhow 1.0 (Apache-2.0 OR MIT)`
			`- thiserror 2.0 (Apache-2.0 OR MIT)`

			`Date/Time`
			`- chrono 0.4 (Apache-2.0 OR MIT)`

			`Async`
			`- tokio 1 (MIT)`
			`- async-trait 0.1 (Apache-2.0 OR MIT)`
			`- futures 0.3 (Apache-2.0 OR MIT)`

			`Templating (optional)`
			`- tera 1.20 (MIT)`

			`i18n (optional)`
			`- fluent 0.17 (Apache-2.0)`
			`- fluent-bundle 0.16 (Apache-2.0)`
			`- unic-langid 0.9 (Apache-2.0 OR MIT)`
			`- sys-locale 0.3 (Apache-2.0 OR MIT)`
			`- dirs 6.0 (Apache-2.0 OR MIT)`

			`CLI Backend (optional)`
			`- inquire 0.9 (MIT)`
			`- dialoguer 0.12 (MIT)`
			`- rpassword 7.4 (Apache-2.0)`

			`TUI Backend (optional)`
			`- ratatui 0.29 (MIT)`
			`- crossterm 0.29 (MIT)`
			`- atty 0.2 (MIT)`

			`Web Backend (optional)`
			`- axum 0.8.7 (MIT)`
			`- tower 0.5.2 (MIT)`
			`- tower-http 0.6.8 (MIT)`
			`- tracing 0.1 (MIT)`
			`- tracing-subscriber 0.3 (MIT)`

			`Utilities`
			`- tempfile 3.23 (Apache-2.0 OR MIT)`

			`### typedialog (CLI)`

			`Direct dependencies:`
			`- typedialog-core 0.1.0 (MIT)`
			`- clap 4.5 (Apache-2.0 OR MIT) - CLI argument parsing`
			`- anyhow 1.0 (Apache-2.0 OR MIT)`
			`- serde_json 1.0 (Apache-2.0 OR MIT)`
			`- tokio 1.0 (MIT)`
			`- toml 0.9 (Apache-2.0 OR MIT)`
			`- unic-langid 0.9 (Apache-2.0 OR MIT)`

			`### typedialog-tui (TUI)`

			`Direct dependencies:`
			`- typedialog-core 0.1.0 (MIT)`
			`- clap 4.5 (Apache-2.0 OR MIT)`
			`- anyhow 1.0 (Apache-2.0 OR MIT)`
			`- serde_json 1.0 (Apache-2.0 OR MIT)`
			`- tokio 1.0 (MIT)`
			`- unic-langid 0.9 (Apache-2.0 OR MIT)`

			`### typedialog-web (Web)`

			`Direct dependencies:`
			`- typedialog-core 0.1.0 (MIT)`
			`- clap 4.5 (Apache-2.0 OR MIT)`
			`- anyhow 1.0 (Apache-2.0 OR MIT)`
			`- serde_json 1.0 (Apache-2.0 OR MIT)`
			`- tokio 1.0 (MIT)`
			`- unic-langid 0.9 (Apache-2.0 OR MIT)`

			`---`

			`## Transitive Dependencies`

			`Total: 286 dependencies across all features.`

			`### License Distribution`

			`\| License \| Count \|`
			`\|---------\|-------\|`
			`\| Apache-2.0 OR MIT \| 190 \|`
			`\| MIT \| 66 \|`
			`\| Apache-2.0 \| 3 \|`
			`\| MIT OR Unlicense \| 7 \|`
			`\| Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT \| 7 \|`
			`\| Other \| 13 \|`

			`---`

			`## License Compatibility`

			`All dependencies are compatible with the MIT License:`

			`- ✓ Permissive licenses (MIT, Apache-2.0, BSD-3-Clause, Zlib, MPL-2.0)`
			`- ✓ Weak copyleft (LGPL-2.1-or-later, MPL-2.0)`
			`- ✓ Public domain (Unlicense, Unicode-3.0)`

			`---`

			`## Files`

			- `LICENSE.md` - Full dependency license attribution
			- `SBOM.spdx.json` - Software Bill of Materials (SPDX 2.3 format)
			- `SBOM.cyclonedx.json` - Software Bill of Materials (CycloneDX 1.4 format)
			- `Cargo.lock` - Locked dependency versions for reproducibility

			`---`

			`## Security Considerations`

			`### No Unsafe Code`

			The workspace forbids `unsafe` code:
			```toml
			`[workspace.lints.rust]`
			`unsafe_code = "forbid"`
			```

			`### Dependency Auditing`

			`Run security audit:`
			```bash
			`cargo audit`
			```

			`Review dependency tree:`
			```bash
			`cargo tree --depth=2`
			```

			`### SBOM Usage`

			`SBOMs can be used with:`
			`- SPDX format - CycloneDX tools, GitHub Dependabot, SPDX validators`
			`- CycloneDX format - Software composition analysis tools, vulnerability scanners`

			`---`

			`Generated: 2024-12-17`