cargo-generate-lockfile

Generate a Cargo.lock file with the latest version of every package

$ cargo generate-lockfile

cargo generate-lockfile [OPTIONS]

--manifest-path <PATH>
    Path to the Cargo.toml file. If not specified, Cargo will search for it in the current directory and parent directories.

--workspace
    Operate on the current workspace. This requires the crate to be a member of a workspace.

--offline
    Run without accessing the network. Fails if dependencies are not found in the local cache.

--frozen
    Require Cargo.lock and all dependencies to be up-to-date. If not, Cargo will exit with an error. This is a stronger check than --locked.

--locked
    Require Cargo.lock to be up-to-date. If not, Cargo will exit with an error. Allows network access if necessary for other operations.

--features <FEATURES>
    Space-separated list of features to activate when resolving dependencies. The resolver will include dependencies required by these features.

--all-features
    Activate all available features of all packages in the workspace (or the current package if not in a workspace) when resolving dependencies.

--no-default-features
    Do not activate the default features of the resolved package or packages in the workspace.

-v, --verbose
    Use verbose output messages, including information about the resolver's process.

-q, --quiet
    Do not print Cargo log messages. Only errors will be output.

--color <WHEN>
    Control when colors are used in output. Possible values: auto (default), always, never.

The cargo generate-lockfile command is a built-in subcommand of Rust's package manager, Cargo. Its primary purpose is to ensure that a Cargo.lock file exists and is up-to-date for a given Rust project based on its Cargo.toml manifest.

Unlike cargo build or cargo fetch, which also interact with the lockfile, cargo generate-lockfile solely focuses on resolving and writing the dependency graph. It does not download source code for dependencies (unless necessary for resolution metadata) and does not compile any code. This makes it particularly useful in continuous integration (CI) environments or for reproducible builds, where you want to guarantee a consistent dependency set without performing a full build or risking unwanted dependency updates from cargo update.

This command does not download source code for dependencies (unless strictly necessary for metadata resolution) nor compile any code. Its sole purpose is to resolve and write the Cargo.lock file.

It can fail if network access is required for dependency resolution (e.g., new dependencies or missing cache) and --offline is used, or if the Cargo.toml contains unresolvable dependencies.

While it ensures a Cargo.lock, it does not guarantee that all dependency sources are downloaded or ready for compilation; for that, cargo fetch or cargo build would be needed.

Ideal for CI/CD pipelines to ensure a consistent `Cargo.lock` is present before other build steps, or for pre-populating a development environment with a resolved dependency graph without incurring compilation time. It can also be used as a pre-commit hook to ensure the lockfile is always up-to-date with `Cargo.toml`.

When run on a project where the `Cargo.toml` and an existing `Cargo.lock` are consistent (i.e., no changes are required to the dependency graph), the command is idempotent and will typically make no changes to the lockfile.

The cargo generate-lockfile command was introduced as a built-in feature in Rust's Cargo package manager with Rust version 1.37.0, released on August 22, 2019. Prior to its introduction, users often relied on commands like `cargo fetch` or `cargo build` to implicitly generate or update the `Cargo.lock` file. This dedicated command was added to provide a clearer, more targeted way to manage the lockfile, especially for scenarios requiring reproducible builds or CI/CD pipelines where precise control over dependency resolution without full compilation was desired.

cargo(1), cargo-update(1), cargo-build(1), cargo-fetch(1), Cargo.lock(5)