Getting Started
Scan Rust projects for security, performance, correctness, architecture, and dependency issues with a single command.
What is rust-doctor?
rust-doctor is a unified code health tool for Rust. It scans your codebase for security vulnerabilities, performance anti-patterns, correctness bugs, architectural issues, and dependency problems — producing a 0–100 health score with actionable diagnostics.
Quick start
Run it on any Rust project without installing anything:
```bash
npx -y rust-doctor@latest .
```

Or install it globally:

```bash
cargo install rust-doctor
```

Or set up AI agent integration (Claude Code, Cursor, Windsurf):

```bash
rust-doctor setup
```

What does it check?
| Category | What it detects | Sources |
|---|---|---|
| Security | Hardcoded secrets, SQL injection risks, unsafe block audit, known CVEs | Custom AST rules + cargo-audit |
| Performance | Excessive cloning, unnecessary allocations, blocking in async, collect-then-iterate | Custom AST rules + clippy |
| Correctness | Unwrap in production, panic in libraries, error handling anti-patterns | Custom AST rules + clippy |
| Architecture | Framework anti-patterns for tokio/axum/actix-web, large enum variants | Custom AST rules |
| Dependencies | Known vulnerabilities, license violations, unused dependencies, semver breaking changes | cargo-audit, cargo-deny, cargo-machete, cargo-semver-checks |
How the score works
The health score is a weighted average across 5 dimensions (Security ×2.0, Reliability ×1.5, Maintainability ×1.0, Performance ×1.0, Dependencies ×1.0). Each dimension starts at 100 and subtracts penalties for each unique rule violated:
- Error-level violation: -1.5 points
- Warning-level violation: -0.75 points
- Info-level violation: -0.25 points
The overall score is the weighted average of all dimension scores, clamped to [0, 100]. Fixing all instances of one rule removes the entire penalty for that rule.
| Score | Label | Meaning |
|---|---|---|
| 75–100 | Great | Healthy codebase |
| 50–74 | Needs work | Accumulated technical debt |
| 0–49 | Critical | Significant issues to address |
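The scoring rules above, worked through as an added example (not rust-doctor's own code). The `Finding` type, the rule IDs and the handling of fractional scores at the label boundaries are assumptions made for illustration.

```rust
use std::collections::HashSet;

#[derive(Clone, Copy, PartialEq, Eq, Hash)]
enum Dim { Security, Reliability, Maintainability, Performance, Dependencies }

#[derive(Clone, Copy)]
enum Severity { Error, Warning, Info }

// Constructed record type; the page does not show rust-doctor's real output format.
struct Finding { dim: Dim, severity: Severity, rule: &'static str }

// Dimension weights as stated on the page.
const WEIGHTS: [(Dim, f64); 5] = [
    (Dim::Security, 2.0), (Dim::Reliability, 1.5), (Dim::Maintainability, 1.0),
    (Dim::Performance, 1.0), (Dim::Dependencies, 1.0),
];

fn penalty(s: Severity) -> f64 {
    match s { Severity::Error => 1.5, Severity::Warning => 0.75, Severity::Info => 0.25 }
}

fn health_score(findings: &[Finding]) -> f64 {
    let mut seen = HashSet::new();
    let (mut weighted, mut total_weight) = (0.0, 0.0);
    for &(dim, weight) in WEIGHTS.iter() {
        let mut score = 100.0;
        for f in findings.iter().filter(|f| f.dim == dim) {
            // A rule is penalised once, however many instances it has.
            if seen.insert((dim, f.rule)) { score -= penalty(f.severity); }
        }
        weighted += weight * score;
        total_weight += weight;
    }
    (weighted / total_weight).clamp(0.0, 100.0)
}

// Assumption: a fractional score below a band's lower bound falls into the band beneath it.
fn label(score: f64) -> &'static str {
    if score >= 75.0 { "Great" } else if score >= 50.0 { "Needs work" } else { "Critical" }
}

// Constructed sample: one security rule hit twice, one reliability warning.
fn sample_findings() -> Vec<Finding> {
    vec![
        Finding { dim: Dim::Security, severity: Severity::Error, rule: "hardcoded-secret" },
        Finding { dim: Dim::Security, severity: Severity::Error, rule: "hardcoded-secret" },
        Finding { dim: Dim::Reliability, severity: Severity::Warning, rule: "unwrap-in-prod" },
    ]
}

fn main() {
    let score = health_score(&sample_findings());
    println!("{:.2} ({})", score, label(score));
}
```

Under these rules a single error-level Security rule lowers the overall score by under half a point (2.0 × 1.5 / 6.5), so a project can remain "Great" with open security findings. Review the individual diagnostics as well as the score.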