In addition to the standard library, Rust provides an easy way to import other libraries in a project, thanks to cargo. The libraries, known as crates in the Rust ecosystem, are imported from the open-source components central repository

It should be noticed that the quality (in terms of security, performances, readability, etc.) of the published crates is very variable. Moreover, their maintenance can be irregular or interrupted. The usage of each component from this repository should be justified, and the developer should validate the correct application of rules from the current guide in its code. Several tools can aid in that task.


Cargo-outdated tool allows one to easily manage dependencies versions.

For a given crate, it lists current dependencies versions (using its Cargo.toml), and checks latest compatible version and also latest general version.


The cargo-outdated tool must be used to check dependencies status. Then, each outdated dependency must be updated or the choice of the version must be justified.


Cargo-audit tool allows one to easily check for security vulnerabilities reported to the RustSec Advisory Database.


The cargo-audit tool must be used to check for known vulnerabilities in dependencies.