The option to use database dumps instead of crates.io API is not apparent

[jyn514]

2 seconds per crate is really long if there are a lot of crates. https://crates.io/data-access

For information through the index, it would be nice to use the index before downloading the dump.

[jyn514]

It turns out that you can do this by opting in with cargo supply-chain update. That is mentioned in the help text for commands that download data:

The `crates.io` cache was not found or it is invalid.
  Run `cargo supply-chain update` to generate it.

Fetching publisher info from crates.io
This will take roughly 2 seconds per crate due to API rate limits

However, it doesn't make it clear that it goes through a different mechanism than the API - I assumed it would try to make an API call for each crate on crates.io and chose not to run it.

[Shnatsel]

I trust you that the usability issue is real, but I don't see how I can improve on this. This is currently documented in both the help text (see --help), and running the commands themselves also shows a message about it.

Any suggestions?

[jyn514]

Well I feel silly now that you said that ... I don't know that there's much to change here, I think I should probably just read --help more carefully.

[Shnatsel]

It is a well-known fact in UX design that people click through any prompts and warnings, especially on Windows, so the interfaces have evolved to avoid the need for warnings - e.g. providing an option to undo an action instead of asking for confirmation.

The fact that you didn't read --help is valuable real-world data, and indicates that at least some other people will do that. I just need to figure out how to make a UI that communicates better than the current one.

[HeroicKatora]

Reminds me of: 'In the face of ambiguity, refuse the temptation to guess.'. Maybe it could default to refusing to do anything unless specifically advised to query the data from the API by an extra command line option.