Installs Rust binaries from pre-built GitHub release artifacts instead of compiling from source, turning a multi-minute cargo install into a download. Falls back to building from source when no prebuilt binary is published.

Reach for it in CI and on dev machines to install tools fast. Skip it if you need a build from source for provenance/audit reasons, or for crates that ship no release binaries (where it gains you nothing over cargo install).

The official Rust toolchain installer and version manager. Installs and switches between stable, beta, and nightly toolchains, manages components (clippy, rustfmt, rust-src) and cross-compilation targets, and pins a per-project toolchain via rust-toolchain.toml.

Effectively mandatory: almost every other tool here assumes a rustup-managed toolchain. The only time you'd skip it is a fully pinned distro/Nix or CI image that provisions toolchains some other way.

Speeds up Docker builds by caching your dependency compilation as a separate, stable image layer. It computes a recipe.json from your manifests, cooks the dependencies once, and only rebuilds them when Cargo.toml/Cargo.lock change — so editing application code no longer recompiles the whole tree.

Specifically a Docker/CI optimization. It does nothing for local cargo build, and outside containerized builds you want sccache or plain incremental builds instead.

A compiler cache (think ccache for Rust) that caches compilation artifacts locally or in shared storage (S3, GCS, Redis, memcached). Set it as your RUSTC_WRAPPER to share build outputs across branches, machines, and CI runs.

Big wins on CI and large teams. Less useful for a single dev with a warm local target/ (incremental compilation already covers you), and shared caches add network/storage setup you may not want for small projects.

Adds dependency-editing subcommands to Cargo. cargo add and cargo rm are now built into Cargo itself, but cargo-edit still provides cargo upgrade (bump dependencies in Cargo.toml to the latest compatible — or --incompatible — versions) and cargo set-version.

Mostly you only need it today for cargo upgrade. If you just want to add or remove a dependency, use the built-in cargo add/cargo remove and skip this.

Finds dependencies declared in Cargo.toml that are never used, by scanning source files for references to each crate. It runs on stable Rust without compiling the project, which makes it fast enough for CI gates and large workspaces.

Because the analysis is heuristic (text-based), it can produce false positives for crates used only via macros or re-exports; mark those with ignored = [...] under [package.metadata.cargo-machete]. For a precise but slower, nightly-only check, use cargo-udeps.

Finds unused dependencies by inspecting actual compiler output, so it knows which crates were genuinely linked rather than guessing from source text. This makes it more accurate than heuristic scanners, catching cases that pure text analysis misses and avoiding some false positives.

The tradeoff is that it requires a nightly toolchain and a full build, so it is slower. If you want a stable, fast check for everyday CI, prefer cargo-machete and keep cargo-udeps for periodic deep audits.

Displays a table of dependencies that have newer versions available, comparing what is resolved in Cargo.lock against the latest releases on crates.io. It distinguishes between updates allowed by your current version requirements and those that need a manual Cargo.toml bump (SemVer-incompatible).

Run cargo outdated -R to limit the report to root dependencies. It only reports and never edits your manifest, so reach for cargo upgrade (from cargo-edit) when you actually want to apply the bumps.

Checks which dependencies can be upgraded to newer SemVer-incompatible versions, accounting for the whole dependency graph so it only suggests upgrades that can actually resolve. This avoids the false positives you get from naively comparing against the latest crates.io release.

Use it as a sanity check before bumping version requirements. It reports only; pair it with cargo upgrade from cargo-edit to apply changes. Overlaps heavily with cargo-outdated, so most projects need just one.

A property-based testing library: instead of hand-writing example inputs, you describe properties that should hold for all inputs and let proptest generate many cases. When a case fails it automatically shrinks the input to a minimal failing example and persists it to a regression file so failures stay reproducible.

Its Strategy-based generators compose well for structured and constrained data, going beyond simple type-driven generation. Compared to quickcheck, it is more flexible but more verbose; reach for quickcheck when you want a lighter, type-directed approach.

A snapshot testing library that records the output of a value (debug, JSON, YAML, RON, or plain strings) to a file and fails when it later changes. This is ideal for asserting on large or structured outputs where writing explicit expected values by hand is tedious.

Its companion cargo-insta adds cargo insta review for interactively accepting or rejecting diffs, plus inline snapshots embedded in source. Use it for serialization, parser, and rendering output; for small scalar assertions a plain assert_eq! is clearer and avoids a separate review step.

A next-generation test runner that executes each test in its own process for isolation, runs them in parallel with a clean summary output, and is typically faster than cargo test on larger suites. It adds practical features like automatic retries for flaky tests, per-test timeouts, and JUnit output for CI.

Run it with cargo nextest run. Note it does not run doctests, so you still need cargo test --doc for those. Tests that assume they share a process (for example relying on global state set by another test) may need adjustment under its process-per-test model.

Collects source-based code coverage using LLVM's instrumentation (-C instrument-coverage), giving accurate line and region coverage that maps back to your source. It handles the gcov/profdata plumbing for you and can emit lcov, HTML, or Cobertura reports, and integrates with cargo nextest.

It works across the major platforms Rust's LLVM coverage supports and is the current go-to for accurate coverage. It needs the llvm-tools-preview rustup component; the older cargo-tarpaulin is an alternative with different platform tradeoffs.

Scaffolds and drives coverage-guided fuzzing targets backed by libFuzzer. You write a fuzz_target! that feeds arbitrary bytes into your code, and cargo fuzz run mutates inputs to maximize coverage and surface panics, memory errors, and crashes, saving any reproducer it finds.

It links libFuzzer through the compiler's sanitizer support and therefore requires a nightly toolchain. For an AFL-style engine instead, see the afl crate (cargo-afl). Fuzzing complements, rather than replaces, unit and property tests.

A code coverage tool for Rust that reports line coverage and uploads cleanly to services like Codecov and Coveralls. It was the long-standing default for CI coverage and remains widely used and simple to invoke with cargo tarpaulin.

Its mature Ptrace-based engine is Linux/x86_64-focused, though it now also offers an LLVM-based backend. If you need accurate source-based coverage across more platforms, cargo-llvm-cov is generally the better fit today.

Lints a crate's public API for SemVer-violating changes between releases, catching breaking changes that would require a major version bump.

Run cargo semver-checks before publishing to verify your version bump matches the actual API surface. It analyzes the API for breakage but cannot detect behavioral or semantic changes, so it complements rather than replaces tests.

The official Rust linter, providing 700+ lints that catch correctness issues, performance pitfalls, and unidiomatic code beyond what rustc reports.

Installed as a rustup component with rustup component add clippy and run via cargo clippy. Effectively mandatory in CI as cargo clippy -- -D warnings to fail the build on any lint. Not a formatter; pair it with rustfmt for style.

A TOML toolkit providing a formatter, linter, and language server for TOML files such as Cargo.toml and rustfmt.toml.

Install with the taplo-cli crate and run taplo fmt or taplo lint; use taplo fmt --check in CI. Reach for it to keep config files tidy and validated against schemas. It handles TOML only, so pair it with rustfmt for Rust source.

The official Rust code formatter, applying a consistent style across a codebase so diffs stay focused on real changes rather than whitespace.

Installed as a rustup component with rustup component add rustfmt and run via cargo fmt. Use cargo fmt --check in CI to enforce formatting without writing files. It formats Rust source only; use taplo for Cargo.toml and other TOML.

Scans Cargo.lock for dependencies with known vulnerabilities reported in the RustSec advisory database.

Run cargo audit in CI to fail builds when a vulnerable or yanked crate enters the dependency tree. It checks advisories only; for license, source, and duplicate-crate policy use cargo-deny, which subsumes this functionality.

A policy linter for your dependency graph, checking security advisories, license compliance, banned or duplicate crates, and allowed source registries.

Configure rules in deny.toml and run cargo deny check in CI. Broader than cargo-audit, which covers only advisories. Reach for it when you need to enforce organizational policy across all four areas in one pass.

Embeds the exact dependency list into compiled binaries so they can be audited after the fact, even without the original source or Cargo.lock.

Build with cargo auditable build --release, then scan the artifact later with cargo audit bin. Useful for distributing binaries whose provenance must remain verifiable. It records dependencies; it does not itself detect vulnerabilities.

A supply-chain tool to record and enforce that each dependency has been human-reviewed, storing audit records that can be shared across an organization.

Run cargo vet in CI to require that new or updated crates have a recorded audit before they are accepted. Designed for teams that perform source review; it tracks human judgment rather than scanning for known vulnerabilities like cargo-audit. Overkill for a small solo project.

Audits your dependency tree for unsafe code, reporting how many unsafe expressions each crate contains so you can gauge how much of your supply chain relies on it. Useful for security reviews and for projects that aim to minimize unsafe surface area.

Treat the counts as a heuristic, not a verdict: unsafe is not inherently a bug, and the tool can struggle with some macro-heavy crates. Note its maintenance has been intermittent — verify it builds against current toolchains before relying on it in CI.

A statistics-driven microbenchmarking library for in-process Rust functions. It collects many samples, estimates confidence intervals, and detects performance regressions between runs, all on stable Rust.

Prefer it over the unstable built-in #[bench] harness when you need reliable numbers without nightly. If you want a lighter, faster-to-compile alternative look at divan; to benchmark whole commands rather than functions use hyperfine.

Generates flamegraphs from a single cargo flamegraph invocation, wrapping perf on Linux and dtrace on macOS/Windows to sample stacks and render an interactive SVG.

Reach for it when you need a quick visual of where wall-clock time goes across a whole binary. It profiles a complete run, so for fine-grained, statistically sound timing of individual functions use criterion instead, and for an interactive UI consider samply.

A command-line benchmarking tool that runs a program many times, performs warmup runs, and reports mean/stddev with statistical analysis and outlier detection. Supports parameterized runs and exporting results to JSON/CSV/Markdown.

Use it to compare whole programs or shell commands (e.g. two CLI builds) under realistic conditions. It measures process start-to-finish time, so it cannot profile in-process functions; for that use criterion or divan.

A cross-platform sampling profiler: samply record <cmd> captures a profile and opens it in the Firefox Profiler web UI, giving you a call tree, stack charts, and timeline without leaving the browser.

Good when you want interactive exploration of where time is spent across a whole process. For a static, shareable SVG instead use cargo-flamegraph, and for precise per-function timing use criterion.

Prints the source of your crate after macro expansion, so you can see exactly what derive, macro_rules!, and proc-macros generate. Invaluable for debugging macros and understanding surprising compiler errors.

It shells out to the compiler's expansion mode, which requires a nightly rustc to run (rustup toolchain install nightly), even if your project otherwise uses stable. Not a code generator: it only shows expansion, it does not modify your sources.

A diagnostics and debugging TUI for async Rust. It connects to a running tokio app (via the console-subscriber instrumentation) and shows live per-task state, poll times, wakers, and resource usage — making it possible to spot tasks that are stuck, busy-looping, or never waking.

Indispensable for diagnosing async stalls and runaway tasks. It requires adding the subscriber and building with tokio_unstable, so it's a development-time tool, not something you ship. For CPU/wall-clock hotspots in sync code, reach for a sampling profiler like samply instead.

Shows the assembly, LLVM IR, MIR, or WASM the compiler generates for a chosen function via cargo asm. Lets you confirm that optimizations (inlining, vectorization, bounds-check elimination) actually happened.

Use it when you need to inspect codegen at the instruction level for a specific function. To see source after macro expansion instead use cargo-expand, and to profile real runtime behavior use samply or cargo-flamegraph.

Builds searchable online books from a set of Markdown files; it powers The Rust Book and most official Rust documentation.

Run mdbook build to generate a static site or mdbook serve for live preview. Reach for it to write guides, tutorials, and prose documentation. It is not for API reference docs generated from code comments; use rustdoc / cargo doc.

A highly customizable changelog generator that builds release notes from git history, with first-class support for conventional commits and fully templated output (via Tera) and regex-based commit grouping.

Use it when you want full control over changelog formatting independent of your release tooling. It only produces the changelog; to drive the actual version bump, tag, and publish use cargo-release or release-plz.

Automates releases for cargo workspaces through pull requests: it derives version bumps and changelog entries from conventional commits, opens a release PR, and publishes to crates.io once merged. Designed to run in CI.

Use it for a hands-off, git-driven release flow across many crates. If you want manual, step-by-step control from your terminal instead, use the lower-level cargo-release; it internally relies on git-cliff-style changelog generation.

Builds and packages cross-platform binary artifacts and installers (shell/PowerShell installers, archives, npm/Homebrew formulae) and wires up the CI to produce them on a tagged release.

Use it when you ship prebuilt binaries rather than just publishing a crate. Note the project has been renamed to dist; newer releases and docs live under that name. It handles distribution, not version bumping, so pair it with cargo-release or release-plz.

Automates the mechanics of cutting a release: bumps the version, commits, creates a git tag, runs cargo publish, and applies a post-release dev-version bump, with workspace support.

Reach for it when you want explicit, command-driven control over each release step. If you prefer a fully automated, PR-based flow that derives versions from conventional commits, use release-plz instead; for changelog generation pair it with git-cliff.

Builds Rust-generated WebAssembly for consumption from JavaScript, producing an npm-ready package with the wasm-bindgen glue, TypeScript types, and a package.json.

Use it when you publish a Rust library to npm or integrate WASM into a JS toolchain. Note its maintenance activity has slowed; for a full Rust frontend app prefer trunk, and for a thinner build step you can invoke wasm-bindgen-cli directly.

Cross compiles by using zig cc as the linker, which makes it easy to target a specific older glibc version (e.g. --target x86_64-unknown-linux-gnu.2.17) for broad binary compatibility, all without containers.

Use it for lightweight, container-free cross builds, especially for glibc version targeting. It requires Zig to be installed and does not cover every exotic target or runtime; for those, cross with its prebuilt images may be more reliable.

Zero-setup cross compilation: cross build --target ... runs the build inside prebuilt Docker/Podman images that already contain the right toolchain, linker, and system libraries for the target.

Use it to target architectures and platforms without manually installing cross linkers. It requires a running container engine (Docker or Podman), which can be a dealbreaker in restricted CI; if you only need different glibc versions or want to avoid containers, consider cargo-zigbuild.

A toolkit for debugging and flashing embedded Rust on real hardware. It talks to debug probes (CMSIS-DAP, J-Link, ST-Link) to flash firmware, reset targets, and run an in-app log/RTT console, and ships cargo embed plus a GDB/DAP server for editor debugging. It's the modern replacement for OpenOCD-based workflows in the embedded Rust ecosystem.

Reach for it whenever you develop firmware for microcontrollers. It's irrelevant for hosted (non-embedded) targets, and very capable probes with vendor-specific features may still need their proprietary tooling.

A WASM web application bundler for Rust frontend frameworks like Yew and Leptos. Driven by a Trunk.toml and index.html, it runs the asset pipeline (SCSS, images, JS snippets), builds the WASM, and serves a hot-reloading dev server.

Reach for it to build and ship a Rust single-page app to the browser. If your goal is instead to produce a WASM package consumed from JavaScript/npm, use wasm-pack or wasm-bindgen-cli directly.

A command runner that saves project-specific commands as recipes in a justfile and runs them with just <recipe>. Think of it as a saner make: recipes, parameters, and dependencies without make's reliance on file timestamps and tab-sensitive syntax.

Use it to standardize common project tasks (build, test, lint, deploy) for a team. It is a task runner, not a build system, so it does not do incremental builds based on file changes; for that keep using cargo or make.

Provides interactive Rust evaluation: evcxr_repl is a REPL where you can define items, add dependencies with :dep, and evaluate expressions incrementally, and the same engine backs a Jupyter kernel for notebooks.

Use it for experimentation, learning, and prototyping snippets without a full crate. It recompiles behind the scenes so it is not a performance-measurement tool; for benchmarking use criterion or hyperfine.

A background Rust code checker that re-runs cargo check, clippy, test, or doc whenever you save and shows warnings and errors in a compact, navigable TUI, jumping straight to the first problem.

Use it for a fast, terminal-based feedback loop without a full IDE. It is Rust/cargo-focused; if you need a language-agnostic runner that executes arbitrary commands on file change, use watchexec instead.

The official Language Server Protocol implementation for Rust, powering IDE features like completion, go-to-definition, inline type hints, refactorings, and on-the-fly diagnostics in editors such as VS Code, Zed, and Neovim.

It is the default choice for editor integration and is distributed as a rustup component or an editor extension rather than an installable crate. It is an interactive analysis server, not a CI checker; for command-line checks use cargo check/clippy, and for an automated check loop use bacon.

A general-purpose, language-agnostic file watcher that runs an arbitrary command whenever matching files change, with debouncing, glob filters, and process restart handling. Installed via the watchexec-cli crate.

Use it to drive any tool on change (tests, builds, codegen, server reloads), regardless of language. For a Rust-specific experience with a results TUI and ready-made cargo jobs, bacon is more convenient.