Automic VaultAutomic Vault

brew

Install cargo-fuzz with Homebrew, Nix, pacman

Command-line helpers for fuzzing. Version 0.13.2 via Homebrew; verified 2026-06-09.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install cargo-fuzz

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#cargo-fuzz

nixpkgs package indexes · pkgs/by-name/ca/cargo-fuzz/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S cargo-fuzz

Arch Linux sync databases · cargo-fuzz · source: geo.mirror.pkgbuild.com

overview

Package summary

Command-line helpers for fuzzing

Commands and aliases

  • cargo-fuzz

history

Project history and usage

cargo-fuzz is the standard Cargo subcommand for driving libFuzzer against Rust crates. It is part of the rust-fuzz project family and is documented by the Rust Fuzz Book as the recommended tool for fuzz testing Rust code.

The package matters because it made coverage-guided fuzzing feel like an ordinary Rust workflow: initialize a fuzz target, add test harnesses, run them through Cargo, minimize failing inputs, and generate coverage.

Project history

The cargo-fuzz repository and crate were created in February 2017, early in Rust's effort to make fuzz testing practical for library authors. The README describes it as a Cargo subcommand for fuzzing with libFuzzer, while the Rust Fuzz Book clarifies that cargo-fuzz invokes a fuzzer rather than being a fuzzer itself.

The tool standardized the `fuzz/` directory layout for Rust crates. `cargo fuzz init` creates a fuzzing project, `cargo fuzz add` creates targets, and `cargo fuzz run` executes them through libFuzzer via the libfuzzer-sys crate.

Adoption history

cargo-fuzz became the mainstream Rust path for libFuzzer-based testing because it followed Cargo conventions and came with an official guide. The Rust Fuzz Book places it alongside afl.rs but explicitly recommends cargo-fuzz for Rust code.

The rust-fuzz ecosystem also keeps a trophy-case repository for bugs found through fuzz testing, reinforcing cargo-fuzz as part of Rust's security and reliability culture rather than a standalone experiment.

How it is used

Typical usage begins with `cargo fuzz init`, then `cargo fuzz add <target>`, and then `cargo fuzz run <target>`. The README also documents commands for formatting generated inputs, minimizing a crashing testcase, minimizing corpora, and collecting coverage.

The README notes important platform constraints: libFuzzer needs LLVM sanitizer support, Unix-like operating systems for the primary workflow, a nightly compiler for unstable flags, and a C++11 compiler.

Why package nerds care

cargo-fuzz is one of the clearest examples of Cargo's subcommand model turning advanced compiler/runtime machinery into a discoverable package. It hides LLVM sanitizer and libFuzzer details behind a small command set that Rust maintainers can add to CI and security workflows.

For package-history work, it also marks a moment when fuzzing moved from specialist security tooling into normal Rust package maintenance.

Timeline

  • 2017-02-21: GitHub repository created and cargo-fuzz 0.1.0 published to crates.io.
  • 2017: Rust Fuzz Book documents cargo-fuzz as a recommended Rust fuzzing path.
  • 2020s: The tool grows commands for testcase minimization, corpus minimization, and coverage reporting.
  • 2026: Crate has more than 3 million crates.io downloads and remains active under rust-fuzz.

Related projects

  • libFuzzer is the fuzzing engine invoked by cargo-fuzz through libfuzzer-sys.
  • The Rust Fuzz Book also documents afl.rs as another Rust fuzzing tool.
  • rust-fuzz/trophy-case collects bugs found by cargo-fuzz and other fuzzing tools.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
fuzz/Cargo.toml

executables

Installed executables

CommandKindExposureNote
cargo-fuzzcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version0.13.2
manager updated2026-06-09
local dataok
upstreamcurrent
latest detected0.13.2

https://github.com/rust-fuzz/cargo-fuzz

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:cargo-fuzz
Version0.13.2
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/cargo-fuzz
Homepagehttps://rust-fuzz.github.io/book/cargo-fuzz.html
Repositoryhttps://github.com/rust-fuzz/cargo-fuzz
Upstream docshttps://rust-fuzz.github.io/book/cargo-fuzz.html
LicenseApache-2.0 AND MIT
Source archivehttps://github.com/rust-fuzz/cargo-fuzz/archive/refs/tags/0.13.2.tar.gz
Last updated2026-06-09T23:51:17Z
Pulseupdated
Build dependenciesrust
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namecargo-fuzz
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

cargo-fuzz

nix profile install nixpkgs#cargo-fuzz
  • normalized package name match
  • Matched by: Cargo Fuzz
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ca/cargo-fuzz/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
pacman95%

cargo-fuzz 0.13.1-3

Command line helpers for fuzzing rust

https://github.com/rust-fuzz/cargo-fuzz

sudo pacman -S cargo-fuzz
  • License: MIT AND Apache-2.0
  • Architecture: x86_64
  • 3 dependencies
  • normalized package name match
  • Matched by: Cargo Fuzz
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: cargo-fuzz from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment