{"id":13595145,"url":"https://github.com/cargo-bins/cargo-binstall","last_synced_at":"2026-05-03T06:09:10.288Z","repository":{"id":36969789,"uuid":"321270638","full_name":"cargo-bins/cargo-binstall","owner":"cargo-bins","description":"Binary installation for rust projects","archived":false,"fork":false,"pushed_at":"2026-03-29T05:21:15.000Z","size":5709,"stargazers_count":2572,"open_issues_count":98,"forks_count":97,"subscribers_count":5,"default_branch":"main","last_synced_at":"2026-03-29T06:24:55.409Z","etag":null,"topics":["binary","installer","rust"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cargo-bins.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["NobodyXu"]}},"created_at":"2020-12-14T07:44:17.000Z","updated_at":"2026-03-29T05:21:03.000Z","dependencies_parsed_at":"2023-09-24T06:23:18.903Z","dependency_job_id":"4de87198-3dc8-4eb9-9cad-6ac061ae89fd","html_url":"https://github.com/cargo-bins/cargo-binstall","commit_stats":{"total_commits":1957,"total_committers":50,"mean_commits":39.14,"dds":0.5232498722534491,"last_synced_commit":"92a022bad41abdae4221a6e901e455359cee03fe"},"previous_names":["ryankurte/cargo-binstall"],"tags_count":822,"template":false,"template_full_name":null,"purl":"pkg:github/cargo-bins/cargo-binstall","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cargo-bins%2Fcargo-binstall","tags_url":"
https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cargo-bins%2Fcargo-binstall/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cargo-bins%2Fcargo-binstall/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cargo-bins%2Fcargo-binstall/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cargo-bins","download_url":"https://codeload.github.com/cargo-bins/cargo-binstall/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cargo-bins%2Fcargo-binstall/sbom","scorecard":{"id":265725,"data":{"date":"2025-08-11","repo":{"name":"github.com/cargo-bins/cargo-binstall","commit":"79a31254392e8f3572db04e57f8d5ad57e9e5905"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.9,"checks":[{"name":"Code-Review","score":2,"reason":"Found 2/7 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":0,"reason":"security policy 
file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: crates/detect-wasi/src/miniwasi.wasm:1"],"documentation":{"short":"Determines if the project has generated executable 
(binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Signed-Releases","score":8,"reason":"1 out of the last 1 releases have a total of 1 signed artifacts.","details":["Info: signed release artifact: cargo-binstall-aarch64-apple-darwin.full.zip.sig: https://github.com/cargo-bins/cargo-binstall/releases/tag/v1.14.4","Warn: release artifact v1.14.4 does not have provenance: https://api.github.com/repos/cargo-bins/cargo-binstall/releases/238755884"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cache-cleanup.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/cache-cleanup.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:210: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:246: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by 
hash: .github/workflows/ci.yml:255: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:402: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:407: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:267: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:269: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:357: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:190: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:336: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: 
GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:376: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:284: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:285: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:310: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/gh-action.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/gh-action.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/install-script.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/install-script.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/install-script.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/install-script.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/install-script.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/install-script.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-cli.yml:24: update 
your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-cli.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cli.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-cli.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-cli.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-cli.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cli.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-cli.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-cli.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-cli.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-cli.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-cli.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-cli.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-cli.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-cli.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-cli.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cli.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-cli.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-cli.yml:106: update your workflow using 
https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-cli.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cli.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-cli.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-cli.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-cli.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-packages.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-packages.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-packages.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-packages.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-packages.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-packages.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-packages.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-packages.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-packages.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-packages.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-packages.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-packages.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: 
.github/workflows/release-packages.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-packages.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-packages.yml:148: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-packages.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-packages.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-packages.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-packages.yml:158: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-packages.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-packages.yml:162: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-packages.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-packages.yml:167: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-packages.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-packages.yml:174: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-packages.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-packages.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-packages.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-packages.yml:196: update your workflow using 
https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-packages.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-plz.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-plz.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-plz.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-plz.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-plz.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-plz.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-pr.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-pr.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-pr.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-pr.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release-pr.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:32: update your workflow using 
https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/shellcheck.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/shellcheck.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/shellcheck.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/shellcheck.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-transitive-deps.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/cargo-bins/cargo-binstall/upgrade-transitive-deps.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:245","Info:   0 out of  44 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of  21 third-party GitHubAction dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'pull-requests' 
permission set to 'read': .github/workflows/ci.yml:43","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-cli.yml:80","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-cli.yml:21","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-packages.yml:55","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-packages.yml:140","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-pr.yml:19","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:29","Warn: no topLevel permission defined: .github/workflows/cache-cleanup.yml:1","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/gh-action.yml:1","Warn: no topLevel permission defined: .github/workflows/install-script.yml:1","Warn: no topLevel permission defined: .github/workflows/release-cli.yml:1","Warn: no topLevel permission defined: .github/workflows/release-packages.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release-plz.yml:5","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/shellcheck.yml:1","Warn: no topLevel permission defined: .github/workflows/upgrade-transitive-deps.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:25"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and 
uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: RUSTSEC-2024-0436","Warn: Project is vulnerable to: RUSTSEC-2024-0370","Warn: Project is vulnerable to: RUSTSEC-2025-0047 / GHSA-qx2v-8332-m4fv"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T11:57:59.059Z","repository_id":36969789,"created_at":"2025-08-17T11:57:59.059Z","updated_at":"2025-08-17T11:57:59.059Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31292097,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["binary","installer","rust"],"created_at":"2024-08-01T16:01:44.765Z","updated_at":"2026-05-03T06:09:10.263Z","avatar_url":"https://github.com/cargo-bins.png","language":"Rust","funding_links":["https://github.com/sponsors/NobodyXu"],"categories":["Rust","Catalog","rust","Development tools"],"sub_categories":["package-manager","Build system","Rust 
tools"],"readme":"# Cargo B(inary)Install\n\nBinstall provides a low-complexity mechanism for installing Rust binaries as an alternative to building from source (via `cargo install`) or manually downloading packages.\nThis is intended to work with existing CI artifacts and infrastructure, and with minimal overhead for package maintainers.\n\nBinstall works by fetching the crate information from `crates.io` and searching the linked `repository` for matching releases and artifacts, falling back to the [quickinstall](https://github.com/alsuren/cargo-quickinstall) third-party artifact host, to alternate targets as supported, and finally to `cargo install` as a last resort.\n\n[![CI build](https://github.com/cargo-bins/cargo-binstall/actions/workflows/ci.yml/badge.svg)](https://github.com/cargo-bins/cargo-binstall/actions)\n[![GitHub tag](https://img.shields.io/github/tag/cargo-bins/cargo-binstall.svg)](https://github.com/cargo-bins/cargo-binstall/releases)\n[![Crates.io](https://img.shields.io/crates/v/cargo-binstall.svg)](https://crates.io/crates/cargo-binstall)\n\n_You may want to [see this page as it was when the latest version was published](https://crates.io/crates/cargo-binstall)._\n\n## Usage\n\n```console\n$ cargo binstall radio-sx128x@0.14.1-alpha.5\n INFO resolve: Resolving package: 'radio-sx128x@=0.14.1-alpha.5'\n WARN The package radio-sx128x v0.14.1-alpha.5 (x86_64-unknown-linux-gnu) has been downloaded from github.com\n INFO This will install the following binaries:\n INFO   - sx128x-util (sx128x-util-x86_64-unknown-linux-gnu -\u003e /home/.cargo/bin/sx128x-util)\nDo you wish to continue? [yes]/no\n? yes\n INFO Installing binaries...\n INFO Done in 2.838798298s\n```\n\nBinstall aims to be a drop-in replacement for `cargo install` in many cases, and supports similar options.\n\nFor unattended use (e.g. 
in CI), use the `--no-confirm` flag.\nFor additional options please see `cargo binstall --help`.\n\n## Installation\n\n### If you already have it\n\nTo upgrade cargo-binstall, use `cargo binstall cargo-binstall`!\n\n### Quickly\n\nHere are one-liners for downloading and installing a pre-compiled `cargo-binstall` binary.\n\n#### Linux and macOS\n\n```\ncurl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash\n```\n\nor if you have [homebrew](https://brew.sh/) installed:\n\n```\nbrew install cargo-binstall\n```\n\n#### Windows\n\n```\nSet-ExecutionPolicy Unrestricted -Scope Process; iex (iwr \"https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.ps1\").Content\n```\n\n### Manually\n\nDownload the relevant package for your system below, unpack it, and move the `cargo-binstall` executable into `$HOME/.cargo/bin`:\n\n| OS      | Arch    | URL                                                          |\n| ------- | ------- | ------------------------------------------------------------ |\n| Linux   | x86\\_64 | https://github.com/cargo-bins/cargo-binstall/releases/latest/download/cargo-binstall-x86_64-unknown-linux-musl.tgz |\n| Linux   | armv7   | https://github.com/cargo-bins/cargo-binstall/releases/latest/download/cargo-binstall-armv7-unknown-linux-musleabihf.tgz |\n| Linux   | arm64   | https://github.com/cargo-bins/cargo-binstall/releases/latest/download/cargo-binstall-aarch64-unknown-linux-musl.tgz |\n| Mac     | Intel   | https://github.com/cargo-bins/cargo-binstall/releases/latest/download/cargo-binstall-x86_64-apple-darwin.zip |\n| Mac     | Apple Silicon | https://github.com/cargo-bins/cargo-binstall/releases/latest/download/cargo-binstall-aarch64-apple-darwin.zip |\n| Mac     | Universal\u003cbr\u003e(both archs) | https://github.com/cargo-bins/cargo-binstall/releases/latest/download/cargo-binstall-universal-apple-darwin.zip |\n| 
Windows | Intel/AMD | https://github.com/cargo-bins/cargo-binstall/releases/latest/download/cargo-binstall-x86_64-pc-windows-msvc.zip |\n| Windows | ARM 64 | https://github.com/cargo-bins/cargo-binstall/releases/latest/download/cargo-binstall-aarch64-pc-windows-msvc.zip |\n\n### From source\n\nWith a recent [Rust](https://rustup.rs) installed:\n\n```\ncargo install cargo-binstall --locked\n```\n\n### In GitHub Actions\n\nWe provide a first-party, minimal action that installs Binstall:\n\n```yml\n  - uses: cargo-bins/cargo-binstall@main\n    with:\n      version: \"1.2.3\" # optional; defaults to latest\n```\n\nFor more features, we recommend the excellent [taiki-e/install-action](https://github.com/marketplace/actions/install-development-tools), which has dedicated support for selected tools and uses Binstall for everything else.\n\n## Companion tools\n\nThese are useful *third-party* tools which work well with Binstall.\n\n### [`cargo-update`](https://github.com/nabijaczleweli/cargo-update)\n\nWhile you can upgrade crates explicitly by running `cargo binstall` again, `cargo-update` takes care of updating all tools as needed.\nIt automatically uses Binstall to install the updates if it is present.\n\n### [`cargo-run-bin`](https://github.com/dustinblackman/cargo-run-bin)\n\nBinstall and `cargo install` both install tools globally by default, which is fine for system-wide tools.\nWhen installing tooling for a project, however, you may prefer to both scope the tools to that project and control their versions in code.\nThat's where `cargo-run-bin` comes in, with a dedicated section in your Cargo.toml and a short cargo subcommand.\nWhen Binstall is available, it installs from binary whenever possible... 
and you can even manage Binstall itself with `cargo-run-bin`!\n\n## Unsupported crates\n\nBinstall is generally smart enough to auto-detect artifacts in most situations.\nHowever, if a package fails to install, you can manually specify the `pkg-url`, `bin-dir`, and `pkg-fmt` as needed at the command line, with values as documented in [SUPPORT.md](https://github.com/cargo-bins/cargo-binstall/blob/main/SUPPORT.md).\n\n```console\n$ cargo-binstall \\\n  --pkg-url=\"{ repo }/releases/download/{ version }/{ name }-{ version }-{ target }.{ archive-format }\" \\\n  --pkg-fmt=\"txz\" \\\n  crate_name\n```\n\nMaintainers wanting to make their users' life easier can add [explicit Binstall metadata](https://github.com/cargo-bins/cargo-binstall/blob/main/SUPPORT.md) to `Cargo.toml` to locate the appropriate binary package for a given version and target.\n\n## Signatures\n\nWe have initial, limited [support](https://github.com/cargo-bins/cargo-binstall/blob/main/SIGNING.md) for maintainers to specify a signing public key and where to find package signatures.\nWith this enabled, Binstall will download and verify signatures for that package.\n\nYou can use `--only-signed` to refuse to install packages if they're not signed.\n\nIf you like to live dangerously (please don't use this outside testing), you can use `--skip-signatures` to disable checking or even downloading signatures at all.\n\n## FAQ\n\n### Why use this?\nBecause `wget`-ing releases is frustrating, `cargo install` takes a not inconsequential portion of forever on constrained devices, and often putting together actual _packages_ is overkill.\n\n### Why use the cargo manifest?\nCrates already have these, and they already contain a significant portion of the required information.\nAlso, there's this great and woefully underused (IMO) `[package.metadata]` field.\n\n### Is this secure?\nYes and also no?\n\nWe have [initial support](https://github.com/cargo-bins/cargo-binstall/blob/main/SIGNING.md) for verifying 
signatures, but not a lot of the ecosystem produces signatures at the moment.\nSee [#1](https://github.com/cargo-bins/cargo-binstall/issues/1) to discuss more on this.\n\nWe always pull the metadata from crates.io over HTTPS, and verify the checksum of the crate tar.\nWe also enforce using HTTPS with TLS \u003e= 1.2 for the actual download of the package files.\n\nCompared to something like a `curl ... | sh` script, we're not running arbitrary code, but of course the crate you're downloading a package for might itself be malicious!\n\n### What do the error codes mean?\nYou can find a full description of errors including exit codes here: \u003chttps://docs.rs/binstalk/latest/binstalk/errors/enum.BinstallError.html\u003e\n\n### Are debug symbols available?\nYes!\nExtra pre-built packages with a `.full` suffix are available and contain split debuginfo, documentation files, and extra binaries like the `detect-wasi` utility.\n\n## Telemetry collection\n\nSome crate installation strategies may collect anonymized usage statistics by default.\nCurrently, only the name of the crate to be installed, its version, the target platform triple, and the collecting user agent are sent to endpoints under the `https://cargo-quickinstall-stats-server.fly.dev/record-install` URL when the `quickinstall` artifact host is used.\nThe maintainers of the `quickinstall` project use this data to determine which crate versions are most worthwhile to build and host.\nThe aggregated collected telemetry is publicly accessible at \u003chttps://alsuren.grafana.net/public-dashboards/12d4ec3edf2548a1850a813e00592b53\u003e.\nShould you be interested in it, the backend code for these endpoints can be found at \u003chttps://github.com/cargo-bins/cargo-quickinstall/tree/main/stats-server\u003e.\n\nIf you prefer not to participate in this data collection, you can opt out by any of the following methods:\n\n- Setting the `--disable-telemetry` flag in the command line interface.\n- Setting the 
`BINSTALL_DISABLE_TELEMETRY` environment variable to `true`.\n- Disabling the `quickinstall` strategy with `--disable-strategies quick-install`, or if specifying a list of strategies to use with `--strategies`, avoiding including `quickinstall` in that list.\n- Adding `quick-install` to the `disabled-strategies` configuration key in the crate metadata (refer to [the related support documentation](SUPPORT.md#support-for-cargo-binstall) for more details).\n\n---\n\nIf you have ideas/contributions or anything is not working the way you expect (in which case, please include an output with `--log-level debug`), feel free to open an issue or PR.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcargo-bins%2Fcargo-binstall","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcargo-bins%2Fcargo-binstall","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcargo-bins%2Fcargo-binstall/lists"}