# Install cargo-crev with Homebrew, apk, Nix, pacman

Code review system for the cargo package manager. Version 0.27.1 via Homebrew; verified 2026-06-22.

## Install

```sh
sudo av install brew:cargo-crev
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install cargo-crev
```

  Evidence: local Homebrew formula metadata

### Linux

- apk (92%):

```sh
sudo apk add cargo-crev
```

  Evidence: Alpine Linux edge package indexes: cargo-crev from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz

- Nix (92%):

```sh
nix profile install nixpkgs#cargo-crev
```

  Evidence: nixpkgs package indexes: pkgs/by-name/ca/cargo-crev/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S cargo-crev
```

  Evidence: Arch Linux sync databases: cargo-crev from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

## Package facts

- **Package key:** brew:cargo-crev
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/cargo-crev>
- **Version:** 0.27.1
- **Source summary:** Code review system for the cargo package manager
- **Homepage:** <https://github.com/crev-dev/cargo-crev>
- **Repository:** <https://github.com/crev-dev/cargo-crev>
- **Upstream docs:** <https://github.com/crev-dev/cargo-crev#readme>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/crev-dev/cargo-crev/archive/refs/tags/v0.27.1.tar.gz>
- **Last updated:** 2026-06-22T14:02:57-07:00
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- cargo-crev (cli)
- cargo-crev (alias)

## Dependencies

- openssl@3

## Build dependencies

- rust

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 0.27.1
- Package-manager updated: 2026-06-22
- Local data: ok
- Upstream repository: https://github.com/crev-dev/cargo-crev
- Upstream latest detected: v0.27.1 (current)
## Project history and usage

cargo-crev is a cryptographically verifiable code-review and trust tool for Cargo dependencies. It implements the broader Crev idea for Rust by letting users publish package reviews, consume reviews from others, and build a web of trust around crates.

### Project history

The repository was created in 2018 and the README describes Crev as a language- and ecosystem-agnostic distributed code-review system. cargo-crev is the Cargo-integrated command-line implementation for Rust users.

Early project history is tied to the dpc/crev lineage; later changelog entries and repository organization show the project under crev-dev/cargo-crev, with continued releases and documentation for trust, package review, verification, and proof repositories.

### Adoption history

cargo-crev emerged during growing Rust concern over transitive dependency trust and supply-chain review. Its adoption is more cultural than universal: the README asks supportive projects to recommend it, while package-manager availability in apk, Homebrew, Nix, and pacman makes it accessible to security-minded developers.

The tool has remained active through 2026. The changelog records later features such as exporting toward cargo-vet workflows and AI-assisted review-loop commands, showing that it continues to adapt to Rust supply-chain review practice.

### How it is used

Users initialize an identity and proof repository, review crates, publish signed proofs, fetch other users' proofs, and run verification commands against project dependencies. The tool can warn about untrustworthy crates, report dependency metrics, and help identify dependency bloat.

Unlike scanners that only consume centralized advisories, cargo-crev is built around human review statements and trust delegation. That makes it useful when a team wants auditable social trust, not only vulnerability matching.

### Why package nerds care

cargo-crev is one of the Rust ecosystem's most explicit attempts to make package trust a first-class artifact. It treats reviews as distributed, cryptographically verifiable package metadata rather than comments trapped in a website or issue tracker.

For package-history work, it is important because it documents an alternative path for supply-chain security: reviewer reputation, signed proofs, and webs of trust alongside registries and vulnerability databases.

### Timeline

- 2018: GitHub repository created.
- 2018: crates.io records the first cargo-crev publication.
- 2022: Changelog records proof storage moving toward data directories and new web-of-trust diagnostics.
- 2025: Changelog records crevette export support toward cargo-vet.
- 2026: Changelog records 0.27.x releases adding AI review-loop commands and Rust 2024 edition work.

### Related projects

- Crev is the ecosystem-agnostic distributed code-review system that cargo-crev implements for Cargo.
- cargo-vet is a related Rust supply-chain review tool, and the cargo-crev changelog mentions crevette export support toward cargo-vet.
- RustSec-style advisory databases address vulnerability matching, while cargo-crev focuses on signed human trust and review proofs.

### Sources

- <https://api.github.com/repos/crev-dev/cargo-crev>
- <https://crates.io/api/v1/crates/cargo-crev>
- <https://github.com/crev-dev/cargo-crev/blob/main/cargo-crev/CHANGELOG.md>
- <https://github.com/crev-dev/cargo-crev/blob/main/cargo-crev/README.md>


## Security Notes

infrastructure mutation or orchestration signal.

- **Geiger risk:** orange / medium
- infrastructure mutation or orchestration signal


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: ~/.config/crev/proofs/<proof-repository-id>
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** cargo-crev
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Nix - cargo-crev: normalized package name match | nixpkgs package indexes: pkgs/by-name/ca/cargo-crev/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- apk - cargo-crev - 0.26.3-r0: normalized package name match | Alpine Linux edge package indexes: cargo-crev from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | Cryptographically verifiable code review system for cargo | https://github.com/crev-dev/cargo-crev
- pacman - cargo-crev - 0.27.1-2: normalized package name match | Arch Linux sync databases: cargo-crev from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Scalable, social, Code REView and recommendation system that we desperately need | https://github.com/crev-dev/cargo-crev


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Package publisher tools](https://www.automicvault.com/pkg/package-publishers/) - Belongs to a package publishing or registry command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [openssl@3](https://www.automicvault.com/pkg/brew/openssl-3/) - Runtime dependency declared by Homebrew.
- [rust](https://www.automicvault.com/pkg/brew/rust/) - Build dependency declared by Homebrew.
- [cargo-auditable](https://www.automicvault.com/pkg/brew/cargo-auditable/) - Shares av.db curated category or tags: cargo, cli, developer-tools, rust.
- [cargo-binstall](https://www.automicvault.com/pkg/brew/cargo-binstall/) - Shares av.db curated category or tags: cargo, cli, developer-tools, rust.
- [cargo-binutils](https://www.automicvault.com/pkg/brew/cargo-binutils/) - Shares av.db curated category or tags: cargo, cli, developer-tools, rust.
- [cargo-bloat](https://www.automicvault.com/pkg/brew/cargo-bloat/) - Shares av.db curated category or tags: cargo, cli, developer-tools, rust.
- [cargo-bundle](https://www.automicvault.com/pkg/brew/cargo-bundle/) - Shares av.db curated category or tags: cargo, cli, developer-tools, rust.
- [cargo-c](https://www.automicvault.com/pkg/brew/cargo-c/) - Shares av.db curated category or tags: cargo, cli, developer-tools, rust.
- [cargo-cache](https://www.automicvault.com/pkg/brew/cargo-cache/) - Shares av.db curated category or tags: cargo, cli, developer-tools, rust.
- [cargo-careful](https://www.automicvault.com/pkg/brew/cargo-careful/) - Shares av.db curated category or tags: cargo, cli, developer-tools, rust.
- [cargo-clone](https://www.automicvault.com/pkg/brew/cargo-clone/) - Both packages touch the same language runtime or ecosystem. Shared terms: cargo, cli, code, developer, developer-tools.
- [cargo-outdated](https://www.automicvault.com/pkg/brew/cargo-outdated/) - Both packages touch the same language runtime or ecosystem. Shared terms: cargo, cli, developer, developer-tools, openssl.

## Combined YAML source

View the package source record on GitHub. [combined/cargo-crev.yml](https://github.com/automic-vault/db/blob/main/combined/cargo-crev.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
