Automic VaultAutomic Vault

brew

Install cargo-bloat with Homebrew, apk, Nix, pacman

Find out what takes most of the space in your executable. Version 0.12.1 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install cargo-bloat

local Homebrew formula metadata

Linux

Alpine Linux apkverified · 92%
sudo apk add cargo-bloat

Alpine Linux edge package indexes · cargo-bloat · source: dl-cdn.alpinelinux.org

Nixverified · 92%
nix profile install nixpkgs#cargo-bloat

nixpkgs package indexes · pkgs/by-name/ca/cargo-bloat/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S cargo-bloat

Arch Linux sync databases · cargo-bloat · source: geo.mirror.pkgbuild.com

overview

Package summary

Find out what takes most of the space in your executable

Commands and aliases

  • cargo-bloat

history

Project history and usage

cargo-bloat is a Cargo subcommand for explaining where compiled Rust binary size goes. It analyzes release artifacts and reports the largest functions or crates contributing to executable text size.

Project history

Yevhenii Reizner's cargo-bloat repository was created in January 2018, and version 0.1.0 was published to crates.io a few days later. The README describes the package as a way to find what takes most of the space in an executable, with support for ELF, Mach-O, and PE binaries.

The project was explicitly inspired by Google's Bloaty binary size profiler while adopting a Rust/Cargo-specific interface. Over later releases it added and kept options such as per-crate views, filtering, splitting standard-library crates, full function names, wide output, and JSON output.

Adoption history

cargo-bloat spread because Rust developers regularly need size explanations for CLI tools, embedded-adjacent binaries, WebAssembly-adjacent investigations, and release optimization. Crates.io places it in the Cargo plugins category and reports more than 360,000 downloads.

Its package-manager footprint is broader than a one-off Cargo plugin: the input records Homebrew, Alpine, Nix, and Arch packaging. That matters because size-analysis tools are often installed globally on developer machines and CI images rather than vendored into projects.

How it is used

The common path is `cargo install cargo-bloat` and then `cargo bloat --release -n 10` to list the largest functions in the release build. `cargo bloat --release --crates` switches the view to crate-level contribution.

The README emphasizes that per-crate numbers are estimates, not exact accounting. It also notes that WebAssembly is not supported and points users toward twiggy for that use case.

Why package nerds care

cargo-bloat is a classic package-nerd tool because it turns compiler output into a ranked table that directly informs dependency choices. It is one of the Rust ecosystem's small, sharp CLI packages that makes invisible package cost visible.

Its relationship to Bloaty and twiggy also shows how Rust packaging borrowed from general binary-analysis culture while building Cargo-native workflows for Rust developers.

Timeline

  • 2018-01-07: GitHub repository RazrFalcon/cargo-bloat was created.
  • 2018-01-11: cargo-bloat 0.1.0 was published on crates.io.
  • 2018-2020: The 0.2 through 0.10 releases iterated quickly on Cargo-plugin binary-size reporting.
  • 2022-06-04: Version 0.11.1 was published.
  • 2024-05-10: Version 0.12.1 was published.

Related projects

  • google/bloaty is cited by the README as an inspiration.
  • rustwasm/twiggy is recommended by the README for WebAssembly size analysis.
  • Cargo's plugin mechanism provides the `cargo bloat` subcommand interface.

Sources

  • GitHub repository API metadata: https://api.github.com/repos/RazrFalcon/cargo-bloat
  • Official README: https://github.com/RazrFalcon/cargo-bloat#readme
  • Package-manager adoption from source_facts.package-manager.
  • crates.io API metadata and versions: https://crates.io/api/v1/crates/cargo-bloat

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 10 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
cargo-bloatcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version0.12.1
manager updated
local dataok
upstreamcurrent
latest detectedv0.12.1

https://github.com/RazrFalcon/cargo-bloat

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:cargo-bloat
Version0.12.1
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/cargo-bloat
Homepagehttps://github.com/RazrFalcon/cargo-bloat
Repositoryhttps://github.com/RazrFalcon/cargo-bloat
Upstream docshttps://github.com/RazrFalcon/cargo-bloat#readme
LicenseMIT
Source archivehttps://github.com/RazrFalcon/cargo-bloat/archive/refs/tags/v0.12.1.tar.gz
Build dependenciesrust
Bottleavailable (on arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, monterey, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namecargo-bloat
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

cargo-bloat

nix profile install nixpkgs#cargo-bloat
  • normalized package name match
  • Matched by: Cargo Bloat
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ca/cargo-bloat/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
apk95%

cargo-bloat 0.12.1-r0

Find out what takes most of the space in your Rust executable

https://github.com/RazrFalcon/cargo-bloat

sudo apk add cargo-bloat
  • License: MIT
  • Architecture: x86_64
  • Source Package: cargo-bloat
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Cargo Bloat
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: cargo-bloat from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
pacman95%

cargo-bloat 0.12.1-2

Find out what takes most of the space in your executable

https://github.com/RazrFalcon/cargo-bloat

sudo pacman -S cargo-bloat
  • License: MIT
  • Architecture: x86_64
  • 3 dependencies
  • normalized package name match
  • Matched by: Cargo Bloat
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: cargo-bloat from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment