Introduce typos auto-checker on CI (written in Rust btw)

.github/workflows/ci.yaml

@@ -12,6 +12,16 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  # Lightweight check for typos in any files. Config lives in 'typos.toml'
+  typos:
+    name: Typos
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      # Typos check should be pinned to the very specific version
+      # to prevent sudden dictionary updates from making our CI fail
+      - uses: crate-ci/typos@v1.19.0
+
   lint:
     name: Lint
     runs-on: ubuntu-22.04
@@ -213,6 +223,6 @@ jobs:
 
   test_success:
     runs-on: ubuntu-22.04
-    needs: [lint,test,self,publish-check,doc-book]
+    needs: [typos,lint,test,self,publish-check,doc-book]
     steps:
-    - run: echo "All test jobs passed"
+    - run: echo "All test jobs passed"

CHANGELOG.md

@@ -370,7 +370,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - [PR#262](https://github.com/EmbarkStudios/cargo-deny/pull/262) added the `fix` subcommand, which was added to bring `cargo-deny` to feature parity with `cargo-audit` so that it can take over for `cargo-audit` as the [official frontend](https://github.com/EmbarkStudios/cargo-deny/issues/194) for the the [RustSec Advisory Database](https://github.com/RustSec/advisory-db).
 
 ### Changed
-- `advisories.db-url` has been deprecated in favor of `advisories.db-urls` since multiple databses are now supported.
+- `advisories.db-url` has been deprecated in favor of `advisories.db-urls` since multiple databases are now supported.
 - `advisories.db-path` is now no longer the directory into which the advisory database is cloned into, but rather a root directory where each unique database is placed in a canonicalized directory similar to how `.cargo/registry/index` directories work.
 - [PR#274](https://github.com/EmbarkStudios/cargo-deny/pull/274) resolved [#115](https://github.com/EmbarkStudios/cargo-deny/issues/115) by normalizing git urls. Thanks [@senden9](https://github.com/senden9)!
 
@@ -431,7 +431,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Added a `fetch` subcommand that can be used to fetch external data, currently the crates.io index and the configured advisory database
 
 ### Changed
-- Upgraded to rustsec 0.18.0, which slighly reworks how yanked crate detection is done
+- Upgraded to rustsec 0.18.0, which slightly reworks how yanked crate detection is done
 
 ## [0.6.4] - 2020-02-08
 ### Fixed

CONTRIBUTING.md

@@ -20,7 +20,7 @@ Feature requests will be tagged as `enhancement` and their status will be update
 
 ### Bugs
 
-When reporting a bug or unexpected behaviour in a project, make sure your issue descibes steps to reproduce the behaviour, including the platform you were using, what steps you took, and any error messages.
+When reporting a bug or unexpected behaviour in a project, make sure your issue describes steps to reproduce the behaviour, including the platform you were using, what steps you took, and any error messages.
 
 Reproducible bugs will be tagged as `bug` and their status will be updated in the comments of the issue.
 

docs/src/checks/bans/diags.md

@@ -94,7 +94,7 @@ An [interpreted script](cfg.md#the-interpreted-field-optional) was detected.
 
 ### `unable-to-check-path`
 
-An I/O error occured when opening or reading a file from disk.
+An I/O error occurred when opening or reading a file from disk.
 
 ### `features-enabled`
 

examples/08_target_filtering/Cargo.toml

@@ -29,8 +29,8 @@ web-sys = { version = "0.3.25", default-features = false, features = ["Crypto",
 [target.'cfg(target_os = "windows")'.dependencies]
 winapi = { version = "0.2.8", default-features = false }
 
-# You can also use full target triples isntead of a cfg expression
-# We actually **ban** the nix package, but since we aren't targetting
+# You can also use full target triples instead of a cfg expression
+# We actually **ban** the nix package, but since we aren't targeting
 # musl, the crate is ignored :)
 [target.x86_64-unknown-linux-musl.dependencies]
 nix-xy = { package = "nix", version = "0.16.1" }

examples/08_target_filtering/README.md

@@ -13,4 +13,4 @@ targets = [
 
 ## Description
 
-By default, cargo resolves every single dependency, including for target specific dependencies. However, it's unlikely that your project is actually built for all (143 at the time of this writing) targets that are built in to rustc itself, which means that there may be crates in your graph that are never actually compiled or used in any way. By specifying the `targets = []` configuration in your `deny.toml`, you can specify a list of targets you _actually_ are targetting, removing any crates that don't match at least 1 of the targets you specify.
+By default, cargo resolves every single dependency, including for target specific dependencies. However, it's unlikely that your project is actually built for all (143 at the time of this writing) targets that are built in to rustc itself, which means that there may be crates in your graph that are never actually compiled or used in any way. By specifying the `targets = []` configuration in your `deny.toml`, you can specify a list of targets you _actually_ are targeting, removing any crates that don't match at least 1 of the targets you specify.

examples/08_target_filtering/deny.toml

@@ -10,7 +10,7 @@ targets = [
 [bans]
 deny = [
     # We ban the nix package, but it's in the Cargo.toml! But that's ok
-    # because it is only built when targetting x86_64-unknown-linux-musl,
+    # because it is only built when targeting x86_64-unknown-linux-musl,
     # which we aren't
     { name = "nix" },
     # If we did build for windows, we definitely would not want version 0.2!

examples/09_bans/Cargo.toml

@@ -8,7 +8,7 @@ edition = "2018"
 version = "0.10.1"
 # Uncomment these to "fix" cargo deny check bans.
 # 1. By disabling default features we remove the use of native-tls, which
-# is impelemented via openssl-sys on linux
+# is implemented via openssl-sys on linux
 # 2. openssl-sys also depends on an old version of autocfg, so we remove a
 # duplicate as well!
 # default-features = false

examples/09_bans/README.md

@@ -9,7 +9,7 @@ This example shows how to ban particular crates, and handle duplicate versions.
 version = "0.10.1"
 # Uncomment these to "fix" cargo deny check bans.
 # 1. By disabling default features we remove the use of native-tls, which
-# is impelemented via openssl-sys on linux
+# is implemented via openssl-sys on linux
 # 2. openssl-sys also depends on an old version of autocfg, so we remove a
 # duplicate as well!
 # default-features = false
@@ -42,5 +42,5 @@ skip = [
 
 ## Description
 
-This examle shows how the `bans` check works. `reqwest` by default uses native-tls, which on linux uses openssl. But we've decided to **deny** openssl, so adding a dependency on it triggers the lint. It also happens to pull in multiple
+This example shows how the `bans` check works. `reqwest` by default uses native-tls, which on linux uses openssl. But we've decided to **deny** openssl, so adding a dependency on it triggers the lint. It also happens to pull in multiple
 versions of a couple of dependencies, so we skip those. To "fix" this check, we would need to disable `reqwest`'s default features, and then enable the `"rustls"` feature, because we still want TLS!

src/advisories.rs

@@ -118,15 +118,15 @@ pub fn check<R, S>(
         }
     }
 
-    // Check for advisory identifers that were set to be ignored, but
+    // Check for advisory identifiers that were set to be ignored, but
     // are not actually in any database.
     for ignored in &ctx.cfg.ignore {
         if !advisory_dbs.has_advisory(&ignored.id.value) {
             sink.push(ctx.diag_for_unknown_advisory(ignored));
         }
     }
 
-    // Check for advisory identifers that were set to be ignored, but
+    // Check for advisory identifiers that were set to be ignored, but
     // were not actually encountered, for cases where a crate, or specific
     // version of that crate, has been removed or replaced and the advisory
     // no longer applies to it, so that users can cleanup their configuration

src/advisories/cfg.rs

@@ -963,9 +963,9 @@ ignore = [
             })),
             Some(Box::new(|exp| {
                 if matches!(exp, Expand::Var("FIRST")) {
-                    expand!(exp, "FIRST", Ok(Some("furst".into())))
+                    expand!(exp, "FIRST", Ok(Some("first".into())))
                 } else {
-                    expand!(exp, "SECOND", Ok(Some("secund".into())))
+                    expand!(exp, "SECOND", Ok(Some("second".into())))
                 }
             })),
         ];
@@ -987,7 +987,7 @@ expansions = [
     "$!", # fails due to empty variable name
     "${!}", # fails due to invalid character in variable name
     "/expands/stuff-${IN_MID}-like-this", # /expands/stuff-in-the-middle-like-this
-    "/expands/$FIRST-item/${SECOND}-item/multiple", # /expands/furst-item/secund-item/multiple
+    "/expands/$FIRST-item/${SECOND}-item/multiple", # /expands/first-item/second-item/multiple
 ]
 "#;
         let mut tv = toml_span::parse(toml).unwrap();

src/advisories/helpers/db.rs

@@ -447,7 +447,7 @@ fn fetch_via_gix(url: &Url, db_path: &Path) -> anyhow::Result<()> {
             &repo.find_remote("origin").unwrap(),
         )?;
     } else {
-        // If we didn't open a fresh repo we need to peform a fetch ourselves, and
+        // If we didn't open a fresh repo we need to perform a fetch ourselves, and
         // do the work of updating the HEAD to point at the latest remote HEAD, which
         // gix doesn't currently do.
         //
@@ -531,7 +531,7 @@ fn fetch_via_cli(url: &str, db_path: &Path) -> anyhow::Result<()> {
 
 pub struct Report<'db, 'k> {
     pub advisories: Vec<(&'k Krate, krates::NodeId, &'db rustsec::Advisory)>,
-    /// For backwards compatiblity with cargo-audit, we optionally serialize the
+    /// For backwards compatibility with cargo-audit, we optionally serialize the
     /// reports to JSON and output them in addition to the normal cargo-deny
     /// diagnostics
     pub serialized_reports: Vec<serde_json::Value>,

src/advisories/snapshots/cargo_deny__advisories__cfg__test__expands_path.snap

@@ -65,4 +65,4 @@ error: variable name is invalid
 
 
 /expands/stuff-in-the-middle-like-this
-/expands/furst-item/secund-item/multiple
+/expands/first-item/second-item/multiple

src/bans/cfg.rs

@@ -342,10 +342,10 @@ pub struct Config {
     /// Allows specifying features that are or are not allowed on crates
     pub features: Vec<CrateFeatures>,
     /// The default lint level for default features for external, non-workspace
-    /// crates, can be overriden in `features` on a crate by crate basis
+    /// crates, can be overridden in `features` on a crate by crate basis
     pub external_default_features: Option<Spanned<LintLevel>>,
     /// The default lint level for default features for workspace crates, can be
-    /// overriden in `features` on a crate by crate basis
+    /// overridden in `features` on a crate by crate basis
     pub workspace_default_features: Option<Spanned<LintLevel>>,
     /// If specified, disregards the crate completely
     pub skip: Vec<CrateSkip>,

src/bans/diags.rs

@@ -237,7 +237,7 @@ pub(crate) struct UnusedWrapper {
 impl From<UnusedWrapper> for Diag {
     fn from(us: UnusedWrapper) -> Self {
         Diagnostic::new(Severity::Warning)
-            .with_message("wrapper for banned crate was not enountered")
+            .with_message("wrapper for banned crate was not encountered")
             .with_code(Code::UnusedWrapper)
             .with_labels(vec![us
                 .wrapper_cfg

src/cargo-deny/main.rs

@@ -247,7 +247,7 @@ fn real_main() -> Result<(), Error> {
         mpath
     } else {
         // For now, use the context path provided by the user, but
-        // we've deprected it and it will go away at some point
+        // we've deprecated it and it will go away at some point
         let cwd =
             std::env::current_dir().context("unable to determine current working directory")?;
 

src/cfg/package_spec.rs

@@ -73,7 +73,7 @@ impl<'de> Deserialize<'de> for PackageSpec {
 
                     Ctx::from_str(s, val.span)
                 } else {
-                    // Encourge user to use the 'crate' spec instead
+                    // Encourage user to use the 'crate' spec instead
                     let name = th.required("name").map_err(|e| {
                         if matches!(e.kind, toml_span::ErrorKind::MissingField(_)) {
                             (toml_span::ErrorKind::MissingField("crate"), e.span).into()

src/diag/sink.rs

@@ -38,7 +38,7 @@ impl ErrorSink {
 
 use super::Severity;
 
-/// Each diagnostic will have a default severity, but these can be overriden
+/// Each diagnostic will have a default severity, but these can be overridden
 /// by the user via the CLI so that eg. warnings can be made into errors on CI
 pub struct DiagnosticOverrides {
     pub code_overrides: std::collections::BTreeMap<&'static str, Severity>,

src/licenses/gather.rs

@@ -201,7 +201,7 @@ impl LicensePack {
     fn get_expression(
         &self,
         file: FileId,
-        strat: &askalono::ScanStrategy<'_>,
+        strategy: &askalono::ScanStrategy<'_>,
         confidence: f32,
     ) -> Result<GatheredExpr, (String, Vec<Label>)> {
         use std::fmt::Write;
@@ -237,7 +237,7 @@ impl LicensePack {
                     write!(synth_toml, "hash = 0x{:08x}, ", data.hash).unwrap();
 
                     let text = askalono::TextData::new(&data.content);
-                    match strat.scan(&text) {
+                    match strategy.scan(&text) {
                         Ok(lic_match) => {
                             if let Some(mut identified) = lic_match.license {
                                 // See https://github.com/EmbarkStudios/cargo-deny/issues/625
@@ -753,7 +753,7 @@ impl Gatherer {
                                 notes,
                             };
                         }
-                        Err((new_toml, lic_file_lables)) => {
+                        Err((new_toml, lic_file_labels)) => {
                             // Push our synthesized license files toml content to the end of
                             // the other synthesized toml then fixup all of our spans
                             let old_end = {
@@ -768,7 +768,7 @@ impl Gatherer {
                                 old_end
                             };
 
-                            for label in lic_file_lables {
+                            for label in lic_file_labels {
                                 let span = label.range.start + old_end..label.range.end + old_end;
                                 labels.push(
                                     Label::secondary(label.file_id, span)

tests/LICENSE-RING

@@ -113,7 +113,7 @@ some authors is recorded for use of their work:
  * The implementation was written so as to conform with Netscapes SSL.
  * 
  * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
+ * the following conditions are adhered to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
@@ -138,7 +138,7 @@ some authors is recorded for use of their work:
  *    must display the following acknowledgement:
  *    "This product includes cryptographic software written by
  *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
+ *    The word 'cryptographic' can be left out if the routines from the library
  *    being used are not cryptographic related :-).
  * 4. If you include any Windows specific code (or a derivative thereof) from 
  *    the apps directory (application code) you must include an acknowledgement:
@@ -156,7 +156,7 @@ some authors is recorded for use of their work:
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  * 
- * The licence and distribution terms for any publically available version or
+ * The licence and distribution terms for any publicly available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]

tests/bans.rs

@@ -151,7 +151,7 @@ multiple-versions-include-dev = true
     insta::assert_json_snapshot!(diags);
 }
 
-/// Ensures that dev dependendencies are ignored
+/// Ensures that dev dependencies are ignored
 #[test]
 fn ignores_dev() {
     let diags = gather_bans(

tests/feature_bans.rs

@@ -155,7 +155,7 @@ fn workspace_default_features_warns_and_denies() {
     insta::assert_json_snapshot!(diags);
 }
 
-/// Ensures that a workspace default ban can be overriden by a crate specific allow = 'default'
+/// Ensures that a workspace default ban can be overridden by a crate specific allow = 'default'
 #[test]
 fn workspace_default_features_allow_override() {
     let diags = gather_bans(
@@ -204,7 +204,7 @@ fn external_default_features_warns_and_denies() {
     insta::assert_json_snapshot!(diags);
 }
 
-/// Ensures that a workspace default ban can be overriden by a crate specific allow = 'default'
+/// Ensures that a workspace default ban can be overridden by a crate specific allow = 'default'
 #[test]
 fn external_default_features_allow_override() {
     let diags = gather_bans(

tests/snapshots/bans__disallows_denied_with_wrapper.snap

@@ -119,7 +119,7 @@ expression: diags
           "span": "other-crate"
         }
       ],
-      "message": "wrapper for banned crate was not enountered",
+      "message": "wrapper for banned crate was not encountered",
       "severity": "warning"
     },
     "type": "diagnostic"

tests/snapshots/bans__warns_on_unused_wrappers.snap

@@ -61,7 +61,7 @@ expression: diags
           "span": "other-crate"
         }
       ],
-      "message": "wrapper for banned crate was not enountered",
+      "message": "wrapper for banned crate was not encountered",
       "severity": "warning"
     },
     "type": "diagnostic"

tests/test_data/features-galore/Cargo.toml

@@ -5,7 +5,7 @@ edition = "2021"
 
 [dependencies]
 parking_lot_core = "=0.9.3"
-reqest = { version = "0.11", package = "reqwest", default-features = false, optional = true, features = [
+request = { version = "0.11", package = "reqwest", default-features = false, optional = true, features = [
     "brotli",
 ] }
 rgb = { version = "0.8.25", optional = true }
@@ -22,7 +22,7 @@ git = { package = "git2", version = "=0.14.4", default-features = false }
 audio = { package = "coreaudio-rs", version = "=0.11.1", default-features = false, optional = true }
 
 [build-dependencies]
-reqest = { version = "0.11", package = "reqwest", default-features = false, optional = true, features = [
+request = { version = "0.11", package = "reqwest", default-features = false, optional = true, features = [
     "cookies",
 ] }
 
@@ -31,14 +31,14 @@ simple_ecs = "=0.3.2"
 
 [features]
 default = ["simple"]
-blocking = ["simple", "reqest?/blocking"]
-json = ["reqest?/json"]
+blocking = ["simple", "request?/blocking"]
+json = ["request?/json"]
 midi = ["audio?/core_midi"]
-multipart = ["reqest?/multipart"]
+multipart = ["request?/multipart"]
 serde = ["dep:serde", "rgb?/serde"]
 simple = ["json"]
 ssh = ["git/ssh", "git/ssh_key_from_memory"]
-stream = ["reqest?/stream"]
-tls = ["tls-no-reqwest", "reqest?/rustls-tls"]
+stream = ["request?/stream"]
+tls = ["tls-no-reqwest", "request?/rustls-tls"]
 tls-no-reqwest = ["rustls"]
-zlib = ["git/zlib-ng-compat", "reqest?/deflate"]
+zlib = ["git/zlib-ng-compat", "request?/deflate"]