LinuxCommandLibrary

cargo-yank

Remove a crate version from crates.io

TLDR

Yank the specified version of a crate

$ cargo yank [crate]@[version]
copy

Undo a yank (i.e. allow downloading it again)
$ cargo yank --undo [crate]@[version]
copy

Use the specified registry (registry names can be defined in the configuration - the default is )
$ cargo yank --registry [name] [crate]@[version]
copy

SYNOPSIS

cargo yank [OPTIONS] [--] [<CRATENAME> [<VERSION>] ...]

PARAMETERS

--allow-dirty <ALLOW_DIRTY>
    Allow yanking when Cargo working directory is dirty (true/false)

--dry-run, -n
    Simulate yank using cargo publish --dry-run checks

--ignore-publish <IGNORE_PUBLISH>
    Ignore crates.io publish restrictions (true/false)

--index <INDEX>
    Path to local registry index

--registry <REGISTRY>
    Registry name to yank from (default: crates-io)

--rev <REV>
    Git revision (SHA) to yank

--tag <TAG>
    Git tag to yank

--undo
    Undo a previous yank (unyank)

--vers, -V <VERS>
    Specific version to yank

--verify-pub <VERIFY_PUB>
    Verify with cargo publish check (true/false)

-h, --help
    Print help

--version
    Print version

DESCRIPTION

cargo-yank is a tool for the Rust package manager Cargo that allows publishers to yank (remove) specific versions of a crate from the public registry like crates.io. Yanking marks a version as unavailable for new dependencies, preventing fresh projects from using it, while existing projects with direct or transitive dependencies can still resolve and use it normally.

This is crucial for handling critical bugs, security vulnerabilities, or mistaken publishes without fully deleting the version, which could break builds. The command interacts with the registry index, updating metadata to flag the version as yanked.

Typically used by crate maintainers after publishing via cargo publish. It supports local registries for private use and includes safeguards like dry-run verification against cargo publish success criteria. Undo functionality restores yanked versions. Note: requires authentication with the registry (e.g., cargo login).

CAVEATS

Yanking is semi-permanent; --undo restores but requires caution. Requires publish permissions. Breaks new downloads but not existing locks. Not for frequent use.

EXAMPLE: YANK VERSION

cargo yank mycrate --vers 1.0.0
cargo yank --undo mycrate --vers 1.0.0

AUTH SETUP

Run cargo login first for crates.io API token.

HISTORY

Developed by Alex Crichton in 2015 as cargo-yank crate to fill gap in Cargo before native registry yank support. Installed via cargo install cargo-yank. Widely used on crates.io; Cargo 1.84+ integrates some yank features experimentally.

SEE ALSO

cargo(1), cargo-publish(1)

Copied to clipboard