Cargo Plugins

My favorite 5 cargo plugins

4 minute read

Here are the 5 cargo plugins I use the most(Keep in mind these depend on the use case):

1. clippy

Clippy is by far the most useful linter, although it gives some false positives it is generally very useful for common mistakes that can be found in Rust code.

For example in this code:

fn main() {
    let vec = vec![1, 2, 3, 4];

fn increase_vec(vector: &Vec<u32>) -> Vec<u32> {
    vector.iter().map(|v| v + 1).collect()

While cargo check gives no warnings at all using cargo clippy in the projects’ directory gives us the following tip: Clippy Output

So we can replace the vector with a reference to an array which is faster since it uses one reference less.

Installing Clippy is very easy:

rustup update
rustup component add clippy

And we can run it using: cargo clippy

2. cargo-checkmate

This plugin bundles a bunch of other plugins together. It first performs a cargo check, compares the current formatting with the one of cargo fmt, checks if cargo build passes, checks if tests pass, then checks if the docs compile and lastly runs cargo audit to check for vulnerabilities in dependencies.

An output will probably look something like this: Checkmate Output

You can install it via: cargo install cargo-checkmate

And to use it run: cargo checkmate

And to execute it on every commit execute: cargo checkmate git-hook install in the project folder.

3. cargo flamegraph

Cargo flamegraph generates a so-called “flamegraph” of your program. It generates a graph which shows where execution time is being spent in your program. This way it can help you figure out what to optimize in order to get better performance out of your program.

By default, flamegraph will use the release output which is fine for most cases, however in order to get more information we can add

debug = true

to our Cargo.toml.

To use it properly on Linux we either have to run it as root or lower perf_event_paranoid(Which may not fit your security needs):

sudo echo -1 | sudo tee /proc/sys/kernel/perf_event_paranoid

This is what a graph looks like, from the example of freshfetch: Checkmate Output

4. honggfuzz-rs

Fuzzing has become very important in software security and stability nowadays. This fuzzer, developed by Google, is probably one of the best available.

We install it by using:

cargo install honggfuzz

Add it to project dependencies using:

honggfuzz = "0.5"

Create a target to fuzz:

extern crate url;
use honggfuzz::fuzz;

fn main(){
    println("Starting fuzzer...");
        fuzz!(|data: &[u8]| {
            if let Ok(s) = std::str::from_utf8(data) {
                let _ = url::Url::parse(s);

Now if we run:

cargo hfuzz run TARGET # TARGET is typically the crate name, but it depends

We see a terminal like this: Honggfuzz Output

While it’s running we see a hfuzz_workspace directory, which has TARGET directory, where we can find the found unique crashes, along with a honggfuzz report, which contains details on how it crashed.

5. cargo-update

This Plugin is used to update all the binaries we just installed.

Install it by using:

cargo install cargo-update

And update binaries using:

cargo install-update -a

It would probably also make sense to make it a Pacman hook(or something similar on other Linux distros).

Here is mine, though you need to replace the [USER] with your username.


There are obviously many Plugins I haven’t mentioned that are very useful too, for example cargo-criterion, which is useful for benchmarks or cargo-outdated, which helps you keep your dependencies up to date.

But I hope at least some of them were useful to you and made your workflow a bit easier.



Every Rust user knows the pain of waiting for a build to finish, especially if you are on a slow machine. sccache is a tool that caches compilation artifacts so that subsequent builds can reuse them. This is really useful if you are on a slower machine or have many dependencies and while there are some limitations to the caching, it makes most of my builds much faster and is even better if you share your cache with your team(For example, using redis or one of the many other supported backends).

Thanks to my sponsors flyaruu for making these posts possible!

< Home