cargo-crap flags risky Rust code with complexity and weak tests
cargo-crap targets the ugly overlap Rust teams miss: code that is both hard to read and lightly tested. It turns that risk into a CRAP score before AI-written branches land in production.

cargo-crap is trying to answer a Rust question that is getting sharper as AI-assisted coding spreads: how do you catch code that compiles cleanly but becomes painful to change safely? The tool, introduced on May 18, scans Rust functions for the combination that tends to cause the most trouble, structural complexity paired with weak test coverage.
Its appeal is practical. A tiny helper with 0% coverage is not great, but it is not the same risk as a sprawling parser, state machine, or validation routine with many branches and no tests. cargo-crap looks for that overlap and turns it into a measurable guardrail, which makes it useful in code review, CI, and refactoring work where teams want a fast signal without adding heavyweight process around every pull request.

The metric behind it is not new. CRAP, short for Change Risk Anti-Patterns, was introduced in 2007 by Alberto Savoia and Bob Evans, then written up by Savoia on the Google Testing Blog in 2011. The formula combines cyclomatic complexity and coverage: CRAP(m) = comp(m)^2 × (1 - cov(m))^3 + comp(m). The point is simple but important for Rust teams: 100% coverage does not erase complexity. A method at full coverage still has a CRAP score equal to its cyclomatic complexity, so the score is designed to surface risky combinations, not punish coverage or branching on their own.
That framing fits Rust especially well. The language’s type system removes a lot of memory-safety risk, but it does not make a large, branching function easy to maintain. A parser, serializer, or validation path can still be operationally fragile if it grows too complex and stays under-tested. cargo-crap is aimed at exactly that seam, where AI agents can generate code quickly and leave behind dense logic that passes compilation but raises the cost of every future change.
The project also fits neatly into Cargo’s design. Cargo is built to work with external subcommands, which is why cargo-crap can live as a small add-on instead of requiring changes to Cargo itself. Its GitHub page says it was originally implemented for Java as crap4j and for .NET as NDepend, underscoring that this is a Rust port of a broader maintainability idea, not a one-off experiment.
The tool is already getting attention in the ecosystem. This Week in Rust 652, published on May 20, 2026, highlighted cargo-crap as its crate of the week and described it as a Cargo subcommand for calculating the Change Risk Anti-Patterns metric for a crate. That is a strong signal that Rust developers are looking for lightweight ways to govern AI-written code, and cargo-crap’s pitch is clear: catch the dangerous overlap between complexity and weak tests before it turns into a maintenance mess.
This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.
Did this article answer your question?


