Is tokio-tar safe to use?

tokio-tar has 2 known vulnerabilities on the latest version (0.3.1). DepScope rates its health at 49/100 (high risk).

What is the latest version of tokio-tar?

The latest version of tokio-tar is 0.3.1, released 2023-07-14.

Does tokio-tar have known vulnerabilities?

Yes. tokio-tar has 2 known vulnerabilities. See depscope.dev/pkg/cargo/tokio-tar for details.

Is tokio-tar deprecated?

No, tokio-tar is actively maintained. Latest release: 0.3.1 (2023-07-14).

What are alternatives to tokio-tar?

Popular alternatives to tokio-tar in Cargo include: hashbrown, getrandom, windows-sys, syn.

What license does tokio-tar use?

tokio-tar is licensed under MIT/Apache-2.0.

tokio-tar

cargov0.3.1

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all at once.

License MIT/Apache-2.0permissive4 versions0 deps2,924,044 weekly dl

vorot93/tokio-tar

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Severity	ID	Summary	Fixed in
high	CVE-2025-62518	astral-tokio-tar Vulnerable to PAX Header Desynchronization	0.5.6
unknown	CVE-2025-62518	`tokio-tar` parses PAX extended headers incorrectly, allows file smuggling	—

tokio-tar

Health History

Dependency Tree

License Audit