# TypeDialog Dependencies

## Direct Dependencies (by crate)

### typedialog-core

Core library dependencies:

**Serialization & Data**
- serde 1.0 (Apache-2.0 OR MIT)
- serde_json 1.0 (Apache-2.0 OR MIT)
- serde_yaml 0.9 (Apache-2.0 OR MIT)
- toml 0.9 (Apache-2.0 OR MIT)

**Error Handling**
- anyhow 1.0 (Apache-2.0 OR MIT)
- thiserror 2.0 (Apache-2.0 OR MIT)

**Date/Time**
- chrono 0.4 (Apache-2.0 OR MIT)

**Async**
- tokio 1 (MIT)
- async-trait 0.1 (Apache-2.0 OR MIT)
- futures 0.3 (Apache-2.0 OR MIT)

**Templating (optional)**
- tera 1.20 (MIT)

**i18n (optional)**
- fluent 0.17 (Apache-2.0)
- fluent-bundle 0.16 (Apache-2.0)
- unic-langid 0.9 (Apache-2.0 OR MIT)
- sys-locale 0.3 (Apache-2.0 OR MIT)
- dirs 6.0 (Apache-2.0 OR MIT)

**CLI Backend (optional)**
- inquire 0.9 (MIT)
- dialoguer 0.12 (MIT)
- rpassword 7.4 (Apache-2.0)

**TUI Backend (optional)**
- ratatui 0.29 (MIT)
- crossterm 0.29 (MIT)
- atty 0.2 (MIT)

**Web Backend (optional)**
- axum 0.8.7 (MIT)
- tower 0.5.2 (MIT)
- tower-http 0.6.8 (MIT)
- tracing 0.1 (MIT)
- tracing-subscriber 0.3 (MIT)

**Utilities**
- tempfile 3.23 (Apache-2.0 OR MIT)

### typedialog (CLI)

Direct dependencies:
- typedialog-core 0.1.0 (MIT)
- clap 4.5 (Apache-2.0 OR MIT) - CLI argument parsing
- anyhow 1.0 (Apache-2.0 OR MIT)
- serde_json 1.0 (Apache-2.0 OR MIT)
- tokio 1.0 (MIT)
- toml 0.9 (Apache-2.0 OR MIT)
- unic-langid 0.9 (Apache-2.0 OR MIT)

### typedialog-tui (TUI)

Direct dependencies:
- typedialog-core 0.1.0 (MIT)
- clap 4.5 (Apache-2.0 OR MIT)
- anyhow 1.0 (Apache-2.0 OR MIT)
- serde_json 1.0 (Apache-2.0 OR MIT)
- tokio 1.0 (MIT)
- unic-langid 0.9 (Apache-2.0 OR MIT)

### typedialog-web (Web)

Direct dependencies:
- typedialog-core 0.1.0 (MIT)
- clap 4.5 (Apache-2.0 OR MIT)
- anyhow 1.0 (Apache-2.0 OR MIT)
- serde_json 1.0 (Apache-2.0 OR MIT)
- tokio 1.0 (MIT)
- unic-langid 0.9 (Apache-2.0 OR MIT)

---

## Transitive Dependencies

Total: **286 dependencies** across all features.

### License Distribution

| License | Count |
|---------|-------|
| Apache-2.0 OR MIT | 190 |
| MIT | 66 |
| Apache-2.0 | 3 |
| MIT OR Unlicense | 7 |
| Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT | 7 |
| Other | 13 |

---

## License Compatibility

All dependencies are compatible with the **MIT License**:

- ✓ **Permissive licenses** (MIT, Apache-2.0, BSD-3-Clause, Zlib, MPL-2.0)
- ✓ **Weak copyleft** (LGPL-2.1-or-later, MPL-2.0)
- ✓ **Public domain** (Unlicense, Unicode-3.0)

---

## Files

- `LICENSE.md` - Full dependency license attribution
- `SBOM.spdx.json` - Software Bill of Materials (SPDX 2.3 format)
- `SBOM.cyclonedx.json` - Software Bill of Materials (CycloneDX 1.4 format)
- `Cargo.lock` - Locked dependency versions for reproducibility

---

## Security Considerations

### No Unsafe Code

The workspace forbids `unsafe` code:
```toml
[workspace.lints.rust]
unsafe_code = "forbid"
```

### Dependency Auditing

Run security audit:
```bash
cargo audit
```

Review dependency tree:
```bash
cargo tree --depth=2
```

### SBOM Usage

SBOMs can be used with:
- **SPDX format** - CycloneDX tools, GitHub Dependabot, SPDX validators
- **CycloneDX format** - Software composition analysis tools, vulnerability scanners

---

Generated: 2024-12-17