cargo-geiger

cargo geiger [options]

cargo-geiger is a Cargo subcommand that scans a Rust project's dependency tree to detect and report usage of unsafe Rust code. It counts unsafe expressions, function declarations, trait implementations, and method calls in both the project and all its dependencies.
The output shows a tree view of the dependency graph annotated with counts of unsafe code usage, helping developers assess the safety profile of their dependency chain. Crates using `#![forbid(unsafe_code)]` are clearly marked as verified safe.
The name is a reference to a Geiger counter, which detects radiation — similarly, cargo-geiger detects potentially dangerous unsafe code.

--all-dependencies

Include all dependencies in the scan.

Include build dependencies.

Include development dependencies.

Output format: ascii-tree (default) or json.

Do not activate the default feature.

Space or comma separated list of features to activate.

Update a safety report in the project README.

Only report crates that don't use `#![forbid(unsafe_code)]`.

Analysis is based on source-level detection and may not catch all forms of unsafe behavior (e.g., unsafe code hidden behind macros or generated at build time). Large dependency trees can take significant time to analyze. Requires the source code of all dependencies to be available.

cargo-geiger was created by Anders Kaseorg and the Rust community as a security auditing tool. It addresses the concern that Rust's safety guarantees only hold for safe code, and that unsafe blocks in dependencies can undermine the safety of the entire application.

cargo(1), cargo-audit(1)