cargo / toml_edit

toml_edit

cargo

Yet another format-preserving TOML parser.

Audits

PE Patrick Elsen 2026-06-02

toml_edit@0.25.12+spec-1.1.0 · 1 finding

toml_edit 0.25.12+spec-1.1.0 is a format-preserving TOML parser/editor. No unsafe, no I/O, no concurrency; the byte-level lexer is delegated to toml_parser. Parsing bounds recursion at depth 80 by default; numeric overflow surfaces as TomlError. Tested via the language-neutral toml-test suite, proptests, and an upstream libfuzzer target. One low-severity finding: the unbounded Cargo feature, which disables the recursion guard, is undocumented.

has-binarieshas-build-exechas-fuzz-testshas-install-exechas-integration-testshas-property-testshas-unit-testsimpl-algorithmimpl-concurrencyimpl-cryptoimpl-datastructureimpl-interpreterimpl-jitimpl-parserimpl-protocolis-benignparser-impl-correctparser-impl-safeparser-impl-testeduses-concurrencyuses-cryptouses-environmentuses-execuses-filesystemuses-interpreteruses-jituses-networkuses-unsafe

PE Patrick Elsen 2026-05-27

toml_edit@0.25.11+spec-1.1.0

toml_edit 0.25.11 is a format-preserving TOML parser and editor used by Cargo; it contains zero unsafe blocks, enforces a recursion limit of 80 levels (overridable via an opt-in unbounded feature), and is exercised by a TOML compliance test suite and proptest round-trip properties. No findings were produced.

has-binarieshas-build-exechas-fuzz-testshas-install-exechas-integration-testshas-property-testshas-unit-testsimpl-algorithmimpl-concurrencyimpl-cryptoimpl-datastructureimpl-interpreterimpl-jitimpl-parserimpl-protocolis-benignparser-impl-safeparser-impl-testeduses-concurrencyuses-cryptouses-environmentuses-execuses-filesystemuses-interpreteruses-jituses-networkuses-unsafe