Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/geiger-rs/cargo-geiger

Detects usage of unsafe Rust in a Rust crate and its dependencies.
https://github.com/geiger-rs/cargo-geiger

Last synced: 6 days ago
JSON representation

Detects usage of unsafe Rust in a Rust crate and its dependencies.

Host: GitHub
URL: https://github.com/geiger-rs/cargo-geiger
Owner: geiger-rs
Created: 2018-06-20T21:43:55.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2024-08-10T12:00:09.000Z (5 months ago)
Last Synced: 2025-01-04T00:48:41.698Z (11 days ago)
Language: Rust
Homepage: https://crates.io/crates/cargo-geiger
Size: 1.69 MB
Stars: 1,417
Watchers: 11
Forks: 67
Open Issues: 56
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md

Awesome Lists containing this project

awesome-rust - geiger - geiger/cargo-geiger/_apis/build/status/geiger-rs.cargo-geiger?branchName=master)](https://dev.azure.com/cargo-geiger/cargo-geiger/_build/latest?definitionId=1&branchName=master) (Development tools / Web Servers)
awesome-rust - geiger - A program that list statistics related to usage of unsafe code in a crate and all its dependencies [![Build Status](https://dev.azure.com/cargo-geiger/cargo-geiger/_apis/build/status/geiger-rs.cargo-geiger?branchName=master)](https://dev.azure.com/cargo-geiger/cargo-geiger/_build/latest?definitionId=1&branchName=master) (Development tools / Web Servers)
fucking-awesome-rust - geiger - A program that list statistics related to usage of unsafe code in a crate and all its dependencies [![Build Status](https://dev.azure.com/cargo-geiger/cargo-geiger/_apis/build/status/geiger-rs.cargo-geiger?branchName=master)](https://dev.azure.com/cargo-geiger/cargo-geiger/_build/latest?definitionId=1&branchName=master) (Development tools / Web Servers)

README

        cargo-geiger ☢️ 

===============

[![CI](https://github.com/geiger-rs/cargo-geiger/actions/workflows/ci.yml/badge.svg)](https://github.com/geiger-rs/cargo-geiger/actions/workflows/ci.yml)

[![unsafe forbidden](https://img.shields.io/badge/unsafe-forbidden-success.svg)](https://github.com/rust-secure-code/safety-dance/)

[![crates.io](https://img.shields.io/crates/v/cargo-geiger.svg)](https://crates.io/crates/cargo-geiger)

[![Crates.io](https://img.shields.io/crates/d/cargo-geiger?label=cargo%20installs)](https://crates.io/crates/cargo-geiger)

A tool that lists statistics related to the usage of unsafe Rust code in a Rust

crate and all its dependencies.

This cargo plugin was originally based on the code from two other projects:

*  and

* 

Installation

------------

Try to find and use a system-wide installed OpenSSL library:

```bash

cargo install --locked cargo-geiger

```

Or, build and statically link OpenSSL as part of the cargo-geiger executable:

```bash

cargo install --locked cargo-geiger --features vendored-openssl

```

Alternatively pre-built binary releases are available from [GitHub releases](https://github.com/geiger-rs/cargo-geiger/releases).

Usage

-----

1. Navigate to the same directory as the `Cargo.toml` you want to analyze.

2. `cargo geiger`

Intended Use

------------

This tool is not meant to advise directly whether the code ultimately is truly insecure or not.

The purpose of cargo-geiger is to provide statistical input to auditing e.g. with:

- [cargo-crev](https://crates.io/crates/cargo-crev)

- [safety-dance](https://github.com/rust-secure-code/safety-dance)

The use of unsafe is nuanced and necessary in some cases and any motivation to use it is outside the scope of cargo-geiger.

It is important that any reporting is handled with care:

- [Reddit: The Stigma around Unsafe](https://www.reddit.com/r/rust/comments/y1u068/the_stigma_around_unsafe/)

- [YouTube: Rust NYC: Jon Gjengset - Demystifying unsafe code](https://youtu.be/QAz-maaH0KM)

- [Rust-lang: WG Unsafe Code Guidelines](https://github.com/rust-lang/unsafe-code-guidelines)

Output example

--------------

![Example output](https://user-images.githubusercontent.com/3704611/53132247-845f7080-356f-11e9-9c76-a9498d4a744b.png)

Known issues

------------

 - See the [issue tracker](https://github.com/rust-secure-code/cargo-geiger/issues).

Libraries

---------

Cargo Geiger exposes three libraries:

 - `cargo-geiger` - Unversioned and highly unstable library exposing the internals of the `cargo-geiger` binary. As such, any function contained within this library may be subject to change.

 - `cargo-geiger-serde` - A library containing the serializable report types

 - `geiger` - A library containing a few decoupled [cargo] components used by [cargo-geiger]

Changelog

---------

See the [changelog].

[cargo]: https://crates.io/crates/cargo

[cargo-geiger]: https://crates.io/crates/cargo-geiger

[changelog]: https://github.com/rust-secure-code/cargo-geiger/blob/master/CHANGELOG.md

Why the name?

-------------

Unsafe code, like ionizing radiation, is unavoidable in some situations and should be safely contained!