macOS
brew install cargo-geigerlocal Homebrew formula metadata
brew
Detects usage of unsafe Rust in a Rust crate and its dependencies. Version 0.13.0 via Homebrew; verified 2026-06-22.
install
brew install cargo-geigerlocal Homebrew formula metadata
sudo apk add cargo-geigerAlpine Linux edge package indexes · cargo-geiger · source: dl-cdn.alpinelinux.org
nix profile install nixpkgs#cargo-geigernixpkgs package indexes · pkgs/by-name/ca/cargo-geiger/package.nix · source: api.github.com
sudo pacman -S cargo-geigerArch Linux sync databases · cargo-geiger · source: geo.mirror.pkgbuild.com
overview
Detects usage of unsafe Rust in a Rust crate and its dependencies
history
cargo-geiger is a Cargo subcommand that reports unsafe Rust usage in a crate and its dependency graph. Its name references a Geiger counter: unsafe code is treated as something worth detecting, measuring, and containing.
The project is intentionally framed as audit input, not an automatic security verdict. Its README warns that unsafe usage is nuanced and that reports should be handled carefully.
The cargo-geiger repository and crate were created in June 2018. The README says the tool was originally based on code from cargo-osha and cargo-tree, combining unsafe-code scanning with dependency-tree traversal.
Over time the project split reusable pieces into library crates, including `geiger` and `cargo-geiger-serde`. The changelog records substantial dependency-graph work in 0.11.0 using cargo_metadata and JSON/report serialization improvements.
cargo-geiger found a niche in Rust security review and supply-chain auditing, especially among developers interested in minimizing or documenting unsafe code in dependencies.
The README points users toward cargo-crev and safety-dance as audit contexts where cargo-geiger statistics can help. That positioning kept it from becoming a simplistic 'unsafe equals bad' badge while still making unsafe usage visible.
Usage is intentionally simple: run `cargo geiger` from the directory containing the `Cargo.toml` to analyze. The tool reports unsafe-code statistics for the crate and dependencies.
The README documents installation with `cargo install --locked cargo-geiger`, an optional vendored OpenSSL build, and prebuilt GitHub releases.
cargo-geiger is package-nerd significant because it made unsafe-code exposure a transitive package property that could be inspected like licenses, advisories, or dependency trees.
It also shows Rust's audit culture maturing: package metadata alone is not enough, so tools emerged to summarize source-level risk signals across the dependency graph.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
cargo-geiger | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/geiger-rs/cargo-geiger
install metadata
| Package key | brew:cargo-geiger |
|---|---|
| Version | 0.13.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/cargo-geiger |
| Homepage | https://github.com/geiger-rs/cargo-geiger |
| Repository | https://github.com/geiger-rs/cargo-geiger |
| Upstream docs | https://github.com/geiger-rs/cargo-geiger#readme |
| License | Apache-2.0 OR MIT |
| Source archive | https://github.com/geiger-rs/cargo-geiger/archive/refs/tags/cargo-geiger-0.13.0.tar.gz |
| Last updated | 2026-06-22T14:02:57-07:00 |
| Pulse | updated |
| Dependencies | openssl@3 |
| Build dependencies | pkgconf, rust |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | cargo-geiger |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
cargo-geiger
nix profile install nixpkgs#cargo-geigercargo-geiger 0.13.0-r0
Detects usage of unsafe Rust in a Rust crate and its dependencies.
https://github.com/geiger-rs/cargo-geiger
sudo apk add cargo-geigercargo-geiger-doc 0.13.0-r0
Detects usage of unsafe Rust in a Rust crate and its dependencies. (documentation)
https://github.com/geiger-rs/cargo-geiger
sudo apk add cargo-geiger-doccargo-geiger 0.13.0-1
Detects usage of unsafe Rust in a Rust crate and its dependencies
https://github.com/rust-secure-code/cargo-geiger
sudo pacman -S cargo-geigersource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.