macOS
brew install cargo-crevlocal Homebrew formula metadata
brew
Code review system for the cargo package manager. Version 0.27.1 via Homebrew; verified 2026-06-22.
install
brew install cargo-crevlocal Homebrew formula metadata
sudo apk add cargo-crevAlpine Linux edge package indexes · cargo-crev · source: dl-cdn.alpinelinux.org
nix profile install nixpkgs#cargo-crevnixpkgs package indexes · pkgs/by-name/ca/cargo-crev/package.nix · source: api.github.com
sudo pacman -S cargo-crevArch Linux sync databases · cargo-crev · source: geo.mirror.pkgbuild.com
overview
Code review system for the cargo package manager
history
cargo-crev is a cryptographically verifiable code-review and trust tool for Cargo dependencies. It implements the broader Crev idea for Rust by letting users publish package reviews, consume reviews from others, and build a web of trust around crates.
The repository was created in 2018 and the README describes Crev as a language- and ecosystem-agnostic distributed code-review system. cargo-crev is the Cargo-integrated command-line implementation for Rust users.
Early project history is tied to the dpc/crev lineage; later changelog entries and repository organization show the project under crev-dev/cargo-crev, with continued releases and documentation for trust, package review, verification, and proof repositories.
cargo-crev emerged during growing Rust concern over transitive dependency trust and supply-chain review. Its adoption is more cultural than universal: the README asks supportive projects to recommend it, while package-manager availability in apk, Homebrew, Nix, and pacman makes it accessible to security-minded developers.
The tool has remained active through 2026. The changelog records later features such as exporting toward cargo-vet workflows and AI-assisted review-loop commands, showing that it continues to adapt to Rust supply-chain review practice.
Users initialize an identity and proof repository, review crates, publish signed proofs, fetch other users' proofs, and run verification commands against project dependencies. The tool can warn about untrustworthy crates, report dependency metrics, and help identify dependency bloat.
Unlike scanners that only consume centralized advisories, cargo-crev is built around human review statements and trust delegation. That makes it useful when a team wants auditable social trust, not only vulnerability matching.
cargo-crev is one of the Rust ecosystem's most explicit attempts to make package trust a first-class artifact. It treats reviews as distributed, cryptographically verifiable package metadata rather than comments trapped in a website or issue tracker.
For package-history work, it is important because it documents an alternative path for supply-chain security: reviewer reputation, signed proofs, and webs of trust alongside registries and vulnerability databases.
security posture
infrastructure mutation or orchestration signal.
orange risk · medium confidence · infrastructure
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
~/.config/crev/proofs/<proof-repository-id>executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
cargo-crev | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/crev-dev/cargo-crev
install metadata
| Package key | brew:cargo-crev |
|---|---|
| Version | 0.27.1 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/cargo-crev |
| Homepage | https://github.com/crev-dev/cargo-crev |
| Repository | https://github.com/crev-dev/cargo-crev |
| Upstream docs | https://github.com/crev-dev/cargo-crev#readme |
| License | Apache-2.0 |
| Source archive | https://github.com/crev-dev/cargo-crev/archive/refs/tags/v0.27.1.tar.gz |
| Last updated | 2026-06-22T14:02:57-07:00 |
| Pulse | updated |
| Dependencies | openssl@3 |
| Build dependencies | rust |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | cargo-crev |
| Version Scheme | 0 |
| Revision | 0 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
cargo-crev
nix profile install nixpkgs#cargo-crevcargo-crev 0.26.3-r0
Cryptographically verifiable code review system for cargo
https://github.com/crev-dev/cargo-crev
sudo apk add cargo-crevcargo-crev 0.27.1-2
Scalable, social, Code REView and recommendation system that we desperately need
https://github.com/crev-dev/cargo-crev
sudo pacman -S cargo-crevsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.