Cargo VS

Compare Cargo vs and see what are their differences.


The Rust package manager (by rust-lang)

Source code for (by rust-lang)
Our great sponsors
  • SonarLint - Deliver Cleaner and Safer Code - Right in Your IDE of Choice!
  • Scout APM - Less time debugging, more time building
  • SaaSHub - Software Alternatives and Reviews
120 311
8,342 2,152
3.3% 1.6%
9.8 9.9
6 days ago 4 days ago
Rust Rust
GNU General Public License v3.0 or later GNU General Public License v3.0 or later
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.


Posts with mentions or reviews of Cargo. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-05-19.

Posts with mentions or reviews of We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-05-13.
  • When will we learn? - Drew DeVault of Rust's (and other package managers') recent supply chain attack
    2 projects | | 13 May 2022
    While I don’t agree that system package managers, I really think that having core/community/unreviewed categorization on would be very useful. Just like architecture have tiers, crates could have tiers. Core crates would be the standard library, and maybe a very few selected package like regex, serde, … Community crates would contains important crates that have active maintainers.
  • Supply Chain Thoughts
    3 projects | | 11 May 2022
    Sorry, I mean no benefit over the proposal of doing this on the server and outright preventing the publish of a crate with a low edit distance. I also proposed that maintains an audit log of publishes that includes edit distance, which I think is similar to your suggestion ultimately.
    3 projects | | 11 May 2022
    There's no support for scopes (yet). Although introducing scopes may indeed help with a lot of's issues
  • criteria for establishing rust popularity?
    1 project | | 11 May 2022
    is there an index or something to compare/measure rust popularity with other languages? I want to know how popular rust has become recently and how is its adoption going? whenever i search on google i find "stackoverflow developer survey" come up often, but i would like to see more sources, also is there any source where i can see the evolution of number of crates on and its comparison with other package managers like pypi or npm etc
  • Security advisory: malicious crate rustdecimal | Rust Blog
    12 projects | | 10 May 2022
    Can just calc something like "levenshtein distance" for new crate name against existing popular crates, and if it <=2 reject it with "you name very similar to ...".
    12 projects | | 10 May 2022
    I do not exspect large enterprises to pull random crates from If they work properly, they maintain their own private cargo repository, where they add codebases that are maintained by themself or are mirrored on a crate by crate basis after a thoughtful review.
    12 projects | | 10 May 2022
    In fact, the team can go check this themselves, I think? If it's possible to see "which packages did people request that didn't exist" I suspect they'll find an edit distance of 1 character in >90% of cases. But they don't even have to - there's actually already plenty of research and plenty of attacks that we can look at.
  • Hey Rustaceans! Got a question? Ask here! (19/2022)!
    4 projects | | 10 May 2022
    Does anybody know any interesting details about how publishing works? And what the best way is to properly vet Rust source code pulled from
    4 projects | | 10 May 2022
    That being said, it would be nice if crates on would link to the actual source code that was published. At least _alongside_ a link to the git repo.
  • Smuggling malicious code into ?
    1 project | | 10 May 2022
    I'm discussing Go vs Rust with my boss. He says Go has a better packaging system than rust, because it's possible to publish different code on than the repo on github. That way, one can accidentally import malicious code, even if one looks at the source code on github. In Go on the other hand, code is pulled from the repo directly, and a database of go.sum hashes ensures that it's always the exact same code.

What are some alternatives?

When comparing Cargo and you can also consider the following projects:

RustCMake - An example project showing usage of CMake with Rust

plotters - A rust drawing library for high quality data plotting for both WASM and native, statically and realtimely πŸ¦€ πŸ“ˆπŸš€

gtk4-rs - Rust bindings of GTK 4

Rocket - A web framework for Rust.

Clippy - A bunch of lints to catch common mistakes and improve your Rust code

cargo-outdated - A cargo subcommand for displaying when Rust dependencies are out of date

opencv-rust - Rust bindings for OpenCV 3 & 4

RustScan - πŸ€– The Modern Port Scanner πŸ€–


rust-analyzer - A Rust compiler front-end for IDEs [Moved to:]

trunk - Build, bundle & ship your Rust WASM application to the web.

windows-rs - Rust for Windows