tokio-tar

cargov0.3.1

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all at once.

License MIT/Apache-2.04 versions0 deps2,910,272 weekly dl
vorot93/tokio-tar
52
/ 100
Health
safe to use

[email protected] is safe to use (health: 52/100)

Update to >= 0.5.6 to fix known vulnerabilities

Health breakdown0 – 100
0/25
maintenance
17/20
popularity
23/25
security
12/15
maturity
0/15
community
Vulnerabilities
2
1 medium1 low
Advisories (2)
SeverityIDSummaryFixed in
mediumCVE-2025-62518astral-tokio-tar Vulnerable to PAX Header Desynchronization0.5.6
unknownCVE-2025-62518`tokio-tar` parses PAX extended headers incorrectly, allows file smuggling

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/cargo/tokio-tar
More from cargo
hashbrowngetrandomwindows-syssyn
Browse all cargo packages →

First published · 2020-01-09T17:53:46.412863Z

Last updated · 2023-07-14T21:02:27.805709Z

tokio-tar — Health Score 52/100 | DepScope | DepScope