macOS
brew install cargo-denylocal Homebrew formula metadata
brew
Cargo plugin for linting your dependencies. Version 0.19.9 via Homebrew; verified 2026-06-15.
install
brew install cargo-denylocal Homebrew formula metadata
sudo apk add cargo-denyAlpine Linux edge package indexes · cargo-deny · source: dl-cdn.alpinelinux.org
sudo dnf install cargo-denyFedora Rawhide package metadata · cargo-deny · source: dl.fedoraproject.org
nix profile install nixpkgs#cargo-denynixpkgs package indexes · pkgs/by-name/ca/cargo-deny/package.nix · source: api.github.com
sudo pacman -S cargo-denyArch Linux sync databases · cargo-deny · source: geo.mirror.pkgbuild.com
overview
Cargo plugin for linting your dependencies
history
cargo-deny is an Embark Studios Cargo plugin for linting Rust dependency graphs. It checks advisories, license policy, banned crates, duplicate versions, and allowed package sources from a project-level deny.toml file.
Embark Studios created the repository and published the crate in May 2019. The README frames cargo-deny as an open-source release of a tool Embark uses internally, with a dedicated book for in-depth documentation.
The project grew into one of the standard Rust dependency-policy tools, with docs organized around checks for licenses, bans, advisories, and sources. Its repository topics and README both present it as a Cargo subcommand for dependency linting.
cargo-deny has broad adoption for Rust CI because it covers policy decisions that Cargo itself intentionally does not enforce: which licenses are acceptable, whether multiple versions are allowed, whether vulnerable advisories should fail builds, and which registries or git sources are trusted.
The tool is packaged in apk, Homebrew, dnf, Nix, and pacman, and crates.io metadata shows more than four million downloads by June 2026. The README also points to cargo-deny-action for GitHub Actions use.
The quickstart is `cargo install --locked cargo-deny && cargo deny init && cargo deny check`. The init command creates a deny.toml template in the current working directory unless a path is supplied.
Users commonly run `cargo deny check` in CI, or run targeted checks such as `cargo deny check licenses`, `cargo deny check bans`, `cargo deny check advisories`, and `cargo deny check sources`.
cargo-deny is package-nerd infrastructure because it makes dependency policy executable. Instead of tracking license allowlists, source restrictions, duplicate-version rules, and advisories in prose, teams can encode them in deny.toml and fail builds consistently.
It is also an example of Cargo's external-tool model handling ecosystem governance concerns without bloating Cargo itself.
security posture
No matching local secret-handling manifest was found for cargo-deny. Nucleus package metadata is still published here so future coverage has a stable package URL.
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
<cwd>/deny.tomlexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
cargo-deny | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/EmbarkStudios/cargo-deny
install metadata
| Package key | brew:cargo-deny |
|---|---|
| Version | 0.19.9 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/cargo-deny |
| Homepage | https://github.com/EmbarkStudios/cargo-deny |
| Repository | https://github.com/EmbarkStudios/cargo-deny |
| Upstream docs | https://embarkstudios.github.io/cargo-deny |
| License | Apache-2.0 OR MIT |
| Source archive | https://github.com/EmbarkStudios/cargo-deny/archive/refs/tags/0.19.9.tar.gz |
| Last updated | 2026-06-15T16:13:41Z |
| Pulse | updated |
| Build dependencies | pkgconf, rust |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | cargo-deny |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
cargo-deny
nix profile install nixpkgs#cargo-denycargo-deny 0.18.6-r0
Cargo plugin for linting your dependencies
https://github.com/EmbarkStudios/cargo-deny
sudo apk add cargo-denycargo-deny 0.18.9-5.fc45
Cargo plugin to help you manage large dependency graphs
https://crates.io/crates/cargo-deny
sudo dnf install cargo-denycargo-deny 0.19.8-1
Cargo plugin for linting your dependencies
https://github.com/EmbarkStudios/cargo-deny
sudo pacman -S cargo-denysource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.