tough

v0.21.0 Growing

The Update Framework (TUF) repository client

MIT OR Apache-2.0 Edition 2018

#update#repository#tuf

GitHub ↗ crates.io ↗ Compare with…

Quick Verdict

!Pre-1.0: API may have breaking changes
✓Trusted by 104 crates
✓Team maintained (3 owners)
!Heavy dependency tree (32 direct deps)
✓Permissive license (MIT OR Apache-2.0)

Security

Checking security advisories...

Downloads

1.3M

Dependents

104

Releases

Size

139KB

Deep Insights

📈

Strong growth momentum

57.1K downloads in the last 30 days (1.9K/day), up 31% from the previous period.

🔗

Moderate adoption

104 crates depend on tough. Reasonable ecosystem adoption, though not yet a core dependency.

👤

Prolific maintainer

The primary maintainer publishes 81 crates. This suggests deep Rust expertise and long-term commitment to the ecosystem.

🔬

Pre-1.0 for over a year

Despite being 6+ years old, tough hasn't reached 1.0 yet. Expect potential API changes between versions.

📦

Heavy dependency tree

32 direct dependencies. Consider the impact on compile times and supply chain complexity.

🌟

Used by top crates

Notable dependents include tough-ssm, tough-kms, tuftool, sigstore, sigstore-trust-root. When high-quality crates choose tough, it's a strong quality signal.

Health Breakdown

Maintenance 11/25

Recency, release consistency, active ratio

Quality 11/25

Yanked ratio, deps, size, maturity, features

Community 14/20

Reverse deps, ownership, ecosystem

Popularity 7/15

Downloads, momentum, growth trend

Documentation 9/15

Docs, repo, license, metadata

Download Trend

Daily downloads · last 90 days

1K/day avg+90%

Top Dependents

Most downloaded crates that depend on tough

Version Adoption

v0.12.5

27%

v0.21.0

27%

v0.20.0

18%

v0.11.0

14%

v0.17.1

14%

Release Timeline

32 releases1 yankedsince 2019

2019

2020

2021

2022

2023

2024

2025

2026

Less

More|

Yanked

Feature Flags

fipshttpinteg

README

Loading README...

Maintainers

Dependencies

direct dependencies