cargo-audit vs bundle-audit Comparison
cargo-audit (Rust) and bundle-audit (Ruby) are the standard CLI security scanners for their ecosystems. Both require installation and produce reports — not fixed manifests. PackageFix handles Cargo.toml and Gemfile in the browser with no install.
| Feature | cargo-audit | bundle-audit |
|---|---|---|
| Language | Rust | Ruby |
| Browser-based | ❌ CLI only | ❌ CLI only |
| Install required | ✅ cargo install | ✅ gem install |
| Fix output | ❌ Report only | ❌ Report only |
| RustSec advisory | ✅ Yes | — |
| GitHub Advisory | ✅ Yes | ✅ Yes |
| PackageFix alternative | ✅ Covers Rust | ✅ Covers Ruby |
Paste your manifest — get back a fixed version with all CVEs patched in seconds.
Open PackageFix →
No signup · No CLI · No GitHub connection · Runs 100% in your browser
Frequently Asked Questions
Does PackageFix replace these tools?
PackageFix is a browser-based scanner for quick one-off scans. For automated CI/CD scanning, use the CLI tools in your pipeline. PackageFix generates the Renovate config and GitHub Actions workflow you need.
Is PackageFix free?
Yes — completely free, MIT licensed, open source.
Which ecosystems does PackageFix support?
npm, PyPI, Ruby, PHP, Go, Rust, and Java/Maven — 7 ecosystems in one tool.
Does PackageFix require GitHub?
No. Paste any manifest file directly — no GitHub connection, no account, no CLI.