It sounds like you're implying git submodules are actually a good thing... I think you're the first person who has implied such a thing to me before. Everyone I actually know agrees that submodules are basically never the right solution or a pleasant solution.

But, to your question, no. Where would the submodules even point? The dependency source code artifacts are stored "immutably" (except for takedown notices or extreme abuse cases) on https://crates.io. They aren't git repos, and there's nowhere for git to point.

> Everyone I actually know agrees that submodules are basically never the right solution or a pleasant solution.

I generally prefer submodules to other solutions as I tend to fix / change a lot of stuff in the libraries that I'm using

Yeah: using submodules makes maintaining vendor patches (which, FWIW, I pretty much don't do and will move mountains to avoid... but like, I totally appreciate why people do them) really natural and easy. Like, you don't just want a copy of the code: you want to be able to participate in the development of the upstream code with the same level of tooling that they have, and submodules does that.

The approach here would be to declare the dependency on the git repo directly. Vendoring is still going to copy the stuff you're building into your project, but you'd keep those patches in the repository of the dependency, not on your vendored copy.

The key thing here is being able to do it through multiple levels of dependency, for which I see someone else provided me an answer that is actionable! \o/

People definitely have strong opinions on submodules, but it is nowhere near so one-sides: a ton of people hate them, and a ton of people swear by them. FWIW, all of the Rust libraries I use are available as git repositories. With many other package managers, I can tell them "don't use the upstream copy from the package repo: use the copy I have in this folder" in a trivial manner. I thereby don't really want "automation" around either downloading the code for me to mirror or for the submodules I want: I want to set it up and then configure it so it is all "honored"... and I could totally see the feature you talking about somehow only working one way (with automatic copies) instead of being flexible.

Rust allows you to override dependencies via the patch directive in your Cargo.toml: https://doc.rust-lang.org/edition-guide/rust-2018/cargo-and-...

Rust also lets you do that trivially, by saying "hey here is where the folder is".

Yes, it can pick dependencies from checked out submodules, or git URLs directly. It has ways to patch individual dependencies anywhere in the dependency tree, and multiple ways to mirror or replace the whole crates.io index. It's pretty flexible in this regard.