June 20, 2026
Radiation scan or nerd panic?
Cargo-Geiger
Rust’s ‘danger detector’ sparks panic, eye-rolls, and a big ‘unsafe isn’t evil’ fight
TLDR: cargo-geiger is a tool that counts how often Rust projects use code outside the language’s normal safety protections. Commenters instantly split over whether that’s helpful transparency or a misleading scare metric, with several arguing that useful programs all rely on some of this code anyway.
A new Rust tool called cargo-geiger is basically a code counter for risky-looking parts of a project and its add-ons. It scans for uses of “unsafe” code — the parts where developers step outside Rust’s usual safety rails — and reports the numbers. The project itself is careful not to call that a verdict on whether code is actually bad or insecure. But of course, the community immediately turned that nuance into a spicy little culture war.
The loudest reaction? Fear of stigma. One commenter worried that totally fine code could get publicly branded as sketchy just because it contains “unsafe,” asking whether counting those spots is even useful compared with checking how well they’re tested. Another user pushed the debate further: the real issue, they argued, isn’t the number of warning signs, but whether any of those blocks actually cause hidden breakage. In other words: one bad move can matter more than a hundred harmless ones.
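To make that argument concrete, here is an added example (not code from cargo-geiger or from the thread): a deliberately naive keyword counter run over two constructed snippets that each contain exactly one unsafe block, only one of which checks the invariant that block depends on. The counter, its four categories, and the names `count_unsafe`, `CHECKED` and `UNCHECKED` are assumptions made for illustration and say nothing about how cargo-geiger scans code internally.

```rust
// Added illustration: a deliberately naive keyword counter, not cargo-geiger's scanner.
#[derive(Debug, Default, PartialEq)]
pub struct UnsafeCounts {
    pub functions: usize,
    pub blocks: usize,
    pub impls: usize,
    pub traits: usize,
}

/// Classify each `unsafe` keyword by the token that follows it.
pub fn count_unsafe(src: &str) -> UnsafeCounts {
    // Drop `//` comments so a remark that mentions "unsafe" is not counted.
    let code: Vec<&str> = src.lines().map(|l| l.split("//").next().unwrap_or("")).collect();
    let spaced = code.join("\n").replace('{', " { ").replace('(', " ( ");
    let tokens: Vec<&str> = spaced.split_whitespace().collect();
    let mut counts = UnsafeCounts::default();
    for pair in tokens.windows(2) {
        if pair[0] != "unsafe" { continue; }
        match pair[1] {
            "fn" => counts.functions += 1,
            "impl" => counts.impls += 1,
            "trait" => counts.traits += 1,
            "{" => counts.blocks += 1,
            _ => {} // forms this naive counter does not classify
        }
    }
    counts
}

// Constructed sample: the emptiness check upholds get_unchecked's contract.
pub const CHECKED: &str = r#"
pub fn first(data: &[u8]) -> Option<u8> {
    if data.is_empty() { return None; }
    // SAFETY: index 0 exists, so this unsafe read is in bounds.
    Some(unsafe { *data.get_unchecked(0) })
}
"#;

// Constructed sample: same call, but an empty slice reads out of bounds.
pub const UNCHECKED: &str = r#"
pub fn first(data: &[u8]) -> u8 {
    unsafe { *data.get_unchecked(0) }
}
"#;

fn main() {
    println!("checked:   {:?}", count_unsafe(CHECKED));
    println!("unchecked: {:?}", count_unsafe(UNCHECKED));
}
```

Both snippets produce the same tally, so the number tells a reviewer where to look rather than which of the two needs fixing.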
And then came the mic-drop take: every useful Rust program has unsafe somewhere. That comment landed like the thread’s reality check, reminding everyone that even the standard tools under the hood rely on it. So the vibe was less “ban the scary stuff” and more “please stop treating this like a villain scoreboard.” The Geiger counter name also gave the whole thing an accidental meme boost: unsafe code as radiation, developers as hazmat inspectors, and commenters basically yelling, ‘Don’t confuse detectable with deadly!’
Key Points
- Cargo Geiger is a cargo plugin that reports statistics on unsafe Rust code in a crate and all its dependencies.
- The tool was originally based on code from the cargo-osha and cargo-tree projects.
- It can be installed with cargo using either a system OpenSSL library or a statically linked vendored OpenSSL build, and pre-built binaries are available via GitHub releases.
- The project states that it is not intended to determine whether code is truly insecure, but to provide statistical input for auditing tools such as cargo-crev and safety-dance.
- Cargo Geiger exposes three libraries: cargo-geiger, cargo-geiger-serde, and geiger, with different roles for internals, serializable reports, and decoupled cargo components.