{"id":13502868,"url":"https://github.com/google/zerocopy","last_synced_at":"2026-03-09T05:05:50.201Z","repository":{"id":59747183,"uuid":"534354967","full_name":"google/zerocopy","owner":"google","description":"Zerocopy makes zero-cost memory manipulation effortless. We write `unsafe` so you don’t have to.","archived":false,"fork":false,"pushed_at":"2026-02-19T17:12:04.000Z","size":89923,"stargazers_count":2190,"open_issues_count":325,"forks_count":141,"subscribers_count":11,"default_branch":"main","last_synced_at":"2026-02-22T22:18:19.085Z","etag":null,"topics":["memory","memory-safety","performance","rust","zero-copy"],"latest_commit_sha":null,"homepage":"https://discord.gg/MAvWH2R6zk","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/google.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2022-09-08T19:01:01.000Z","updated_at":"2026-02-22T06:51:29.000Z","dependencies_parsed_at":"2025-12-18T03:08:12.686Z","dependency_job_id":null,"html_url":"https://github.com/google/zerocopy","commit_stats":{"total_commits":1129,"total_committers":67,"mean_commits":"16.850746268656717","dds":0.5890168290522586,"last_synced_commit":"6394871dd625c2207204ff045eac75b5423c0be1"},"previous_names":[],"tags_count":2213,"template":false,"template_full_name":null,"purl":"pkg:github/google/zerocopy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fzerocopy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fzerocopy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fzerocopy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fzerocopy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/google","download_url":"https://codeload.github.com/google/zerocopy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fzerocopy/sbom","scorecard":{"id":438254,"data":{"date":"2025-08-18T15:54:43Z","repo":{"name":"github.com/google/zerocopy","commit":"1a7390ea77019bb7dba87b5d998c58126135d2ec"},"scorecard":{"version":"v5.0.0","commit":"ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4"},"score":8.1,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Warn: 'stale review dismissal' is disable on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Warn: 'last push approval' is disable on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"30 out of 30 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#ci-tests"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#cii-best-practices"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#code-review"}},{"name":"Contributors","score":10,"reason":"project has 10 contributing companies or organizations","details":["Info: google contributor org/company found, brownplt contributor org/company found, ECSIG contributor org/company found, JosiahCodeberry contributor org/company found, brown-cs19 contributor org/company found, llvm contributor org/company found, aya-rs contributor org/company found, rust-lang contributor org/company found, ram-hacks contributor org/company found, rust-itertools contributor org/company found, "],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#contributors"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dangerous-workflow"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dependency-update-tool"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE-APACHE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE-APACHE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#license"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":8,"reason":"dependency not pinned by hash detected -- score normalized to 8","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:568: update your workflow using https://app.stepsecurity.io/secureworkflow/google/zerocopy/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/google/zerocopy/docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/google/zerocopy/docs.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/google/zerocopy/docs.yml/main?enable=pin","Warn: goCommand not pinned by hash: .github/workflows/ci.yml:769","Warn: goCommand not pinned by hash: .github/workflows/ci.yml:779","Warn: goCommand not pinned by hash: .github/workflows/ci.yml:801","Info:  22 out of  25 GitHub-owned GitHubAction dependencies pinned","Info:  20 out of  21 third-party GitHubAction dependencies pinned","Info:   0 out of   3 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#sast"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/google/.github/SECURITY.md:1","Info: Found linked content: github.com/google/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/google/.github/SECURITY.md:1","Info: Found text in security policy: github.com/google/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#security-policy"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel permissions set to 'read-all': .github/workflows/backport-pr.yml:21","Info: topLevel permissions set to 'read-all': .github/workflows/ci.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/docs.yml:18","Info: topLevel permissions set to 'read-all': .github/workflows/release-crate-version.yml:21","Info: topLevel permissions set to 'read-all': .github/workflows/roll-pinned-toolchain-versions.yml:25","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:26","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#token-permissions"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T05:08:32.338Z","repository_id":59747183,"created_at":"2025-08-19T05:08:32.338Z","updated_at":"2025-08-19T05:08:32.338Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29876379,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-26T22:37:10.609Z","status":"ssl_error","status_checked_at":"2026-02-26T22:37:09.019Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["memory","memory-safety","performance","rust","zero-copy"],"created_at":"2024-07-31T22:02:27.734Z","updated_at":"2026-02-26T23:05:20.472Z","avatar_url":"https://github.com/google.png","language":"Rust","readme":"\u003c!-- Copyright 2024 The Fuchsia Authors\n\nLicensed under a BSD-style license \u003cLICENSE-BSD\u003e, Apache License, Version 2.0\n\u003cLICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0\u003e, or the MIT\nlicense \u003cLICENSE-MIT or https://opensource.org/licenses/MIT\u003e, at your option.\nThis file may not be copied, modified, or distributed except according to\nthose terms.\n\nWARNING: DO NOT EDIT THIS FILE. It is generated automatically. Edits should be\nmade in the doc comment on `src/lib.rs` or in `tools/generate-readme`.\n--\u003e\n\n# zerocopy\n\n***\u003cspan style=\"font-size: 140%\"\u003eFast, safe, \u003cspan\nstyle=\"color:red;\"\u003ecompile error\u003c/span\u003e. Pick two.\u003c/span\u003e***\n\nZerocopy makes zero-cost memory manipulation effortless. We write `unsafe`\nso you don't have to.\n\n*For an overview of what's changed from zerocopy 0.7, check out our [release\nnotes][release-notes], which include a step-by-step upgrading guide.*\n\n*Have questions? Need more out of zerocopy? Submit a [customer request\nissue][customer-request-issue] or ask the maintainers on\n[GitHub][github-q-a] or [Discord][discord]!*\n\n[customer-request-issue]: https://github.com/google/zerocopy/issues/new/choose\n[release-notes]: https://github.com/google/zerocopy/discussions/1680\n[github-q-a]: https://github.com/google/zerocopy/discussions/categories/q-a\n[discord]: https://discord.gg/MAvWH2R6zk\n\n## Overview\n\n###### Conversion Traits\n\nZerocopy provides four derivable traits for zero-cost conversions:\n- `TryFromBytes` indicates that a type may safely be converted from\n  certain byte sequences (conditional on runtime checks)\n- `FromZeros` indicates that a sequence of zero bytes represents a valid\n  instance of a type\n- `FromBytes` indicates that a type may safely be converted from an\n  arbitrary byte sequence\n- `IntoBytes` indicates that a type may safely be converted *to* a byte\n  sequence\n\nThese traits support sized types, slices, and [slice DSTs][slice-dsts].\n\n[slice-dsts]: KnownLayout#dynamically-sized-types\n\n###### Marker Traits\n\nZerocopy provides three derivable marker traits that do not provide any\nfunctionality themselves, but are required to call certain methods provided\nby the conversion traits:\n- `KnownLayout` indicates that zerocopy can reason about certain layout\n  qualities of a type\n- `Immutable` indicates that a type is free from interior mutability,\n  except by ownership or an exclusive (`\u0026mut`) borrow\n- `Unaligned` indicates that a type's alignment requirement is 1\n\nYou should generally derive these marker traits whenever possible.\n\n###### Conversion Macros\n\nZerocopy provides six macros for safe casting between types:\n\n- (`try_`[try_transmute])`transmute` (conditionally) converts a value of\n  one type to a value of another type of the same size\n- (`try_`[try_transmute_mut])`transmute_mut` (conditionally) converts a\n  mutable reference of one type to a mutable reference of another type of\n  the same size\n- (`try_`[try_transmute_ref])`transmute_ref` (conditionally) converts a\n  mutable or immutable reference of one type to an immutable reference of\n  another type of the same size\n\nThese macros perform *compile-time* size and alignment checks, meaning that\nunconditional casts have zero cost at runtime. Conditional casts do not need\nto validate size or alignment runtime, but do need to validate contents.\n\nThese macros cannot be used in generic contexts. For generic conversions,\nuse the methods defined by the [conversion traits](#conversion-traits).\n\n###### Byteorder-Aware Numerics\n\nZerocopy provides byte-order aware integer types that support these\nconversions; see the `byteorder` module. These types are especially useful\nfor network parsing.\n\n## Cargo Features\n\n- **`alloc`**\n  By default, `zerocopy` is `no_std`. When the `alloc` feature is enabled,\n  the `alloc` crate is added as a dependency, and some allocation-related\n  functionality is added.\n\n- **`std`**\n  By default, `zerocopy` is `no_std`. When the `std` feature is enabled, the\n  `std` crate is added as a dependency (ie, `no_std` is disabled), and\n  support for some `std` types is added. `std` implies `alloc`.\n\n- **`derive`**\n  Provides derives for the core marker traits via the `zerocopy-derive`\n  crate. These derives are re-exported from `zerocopy`, so it is not\n  necessary to depend on `zerocopy-derive` directly.\n\n  However, you may experience better compile times if you instead directly\n  depend on both `zerocopy` and `zerocopy-derive` in your `Cargo.toml`,\n  since doing so will allow Rust to compile these crates in parallel. To do\n  so, do *not* enable the `derive` feature, and list both dependencies in\n  your `Cargo.toml` with the same leading non-zero version number; e.g:\n\n  ```toml\n  [dependencies]\n  zerocopy = \"0.X\"\n  zerocopy-derive = \"0.X\"\n  ```\n\n  To avoid the risk of [duplicate import errors][duplicate-import-errors] if\n  one of your dependencies enables zerocopy's `derive` feature, import\n  derives as `use zerocopy_derive::*` rather than by name (e.g., `use\n  zerocopy_derive::FromBytes`).\n\n- **`simd`**\n  When the `simd` feature is enabled, `FromZeros`, `FromBytes`, and\n  `IntoBytes` impls are emitted for all stable SIMD types which exist on the\n  target platform. Note that the layout of SIMD types is not yet stabilized,\n  so these impls may be removed in the future if layout changes make them\n  invalid. For more information, see the Unsafe Code Guidelines Reference\n  page on the [layout of packed SIMD vectors][simd-layout].\n\n- **`simd-nightly`**\n  Enables the `simd` feature and adds support for SIMD types which are only\n  available on nightly. Since these types are unstable, support for any type\n  may be removed at any point in the future.\n\n- **`float-nightly`**\n  Adds support for the unstable `f16` and `f128` types. These types are\n  not yet fully implemented and may not be supported on all platforms.\n\n[duplicate-import-errors]: https://github.com/google/zerocopy/issues/1587\n[simd-layout]: https://rust-lang.github.io/unsafe-code-guidelines/layout/packed-simd-vectors.html\n\n## Security Ethos\n\nZerocopy is expressly designed for use in security-critical contexts. We\nstrive to ensure that that zerocopy code is sound under Rust's current\nmemory model, and *any future memory model*. We ensure this by:\n- **...not 'guessing' about Rust's semantics.**\n  We annotate `unsafe` code with a precise rationale for its soundness that\n  cites a relevant section of Rust's official documentation. When Rust's\n  documented semantics are unclear, we work with the Rust Operational\n  Semantics Team to clarify Rust's documentation.\n- **...rigorously testing our implementation.**\n  We run tests using [Miri], ensuring that zerocopy is sound across a wide\n  array of supported target platforms of varying endianness and pointer\n  width, and across both current and experimental memory models of Rust.\n- **...formally proving the correctness of our implementation.**\n  We apply formal verification tools like [Kani][kani] to prove zerocopy's\n  correctness.\n\nFor more information, see our full [soundness policy].\n\n[Miri]: https://github.com/rust-lang/miri\n[Kani]: https://github.com/model-checking/kani\n[soundness policy]: https://github.com/google/zerocopy/blob/main/POLICIES.md#soundness\n\n## Relationship to Project Safe Transmute\n\n[Project Safe Transmute] is an official initiative of the Rust Project to\ndevelop language-level support for safer transmutation. The Project consults\nwith crates like zerocopy to identify aspects of safer transmutation that\nwould benefit from compiler support, and has developed an [experimental,\ncompiler-supported analysis][mcp-transmutability] which determines whether,\nfor a given type, any value of that type may be soundly transmuted into\nanother type. Once this functionality is sufficiently mature, zerocopy\nintends to replace its internal transmutability analysis (implemented by our\ncustom derives) with the compiler-supported one. This change will likely be\nan implementation detail that is invisible to zerocopy's users.\n\nProject Safe Transmute will not replace the need for most of zerocopy's\nhigher-level abstractions. The experimental compiler analysis is a tool for\nchecking the soundness of `unsafe` code, not a tool to avoid writing\n`unsafe` code altogether. For the foreseeable future, crates like zerocopy\nwill still be required in order to provide higher-level abstractions on top\nof the building block provided by Project Safe Transmute.\n\n[Project Safe Transmute]: https://rust-lang.github.io/rfcs/2835-project-safe-transmute.html\n[mcp-transmutability]: https://github.com/rust-lang/compiler-team/issues/411\n\n## MSRV\n\nSee our [MSRV policy].\n\n[MSRV policy]: https://github.com/google/zerocopy/blob/main/POLICIES.md#msrv\n\n## Changelog\n\nZerocopy uses [GitHub Releases].\n\n[GitHub Releases]: https://github.com/google/zerocopy/releases\n\n## Thanks\n\nZerocopy is maintained by engineers at Google with help from [many wonderful\ncontributors][contributors]. Thank you to everyone who has lent a hand in\nmaking Rust a little more secure!\n\n[contributors]: https://github.com/google/zerocopy/graphs/contributors\n\n## Disclaimer\n\nDisclaimer: Zerocopy is not an officially supported Google product.\n","funding_links":[],"categories":["Rust","rust","Libraries"],"sub_categories":["Unsafe"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fzerocopy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogle%2Fzerocopy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fzerocopy/lists"}