23.12 Installing Binary Packages with cargo install
Besides building your own projects, you can install Rust applications published on Crates.io directly using cargo install. This command downloads the specified package, builds its default binary crate (usually in release mode), and places the resulting executable in your Cargo bin directory.
cargo install ripgrep # Installs the 'ripgrep' fast search tool package
cargo install fd-find # Installs the 'fd' find alternative package
Cargo downloads the package’s source code, compiles its binary crate in release mode, and places the resulting binary in ~/.cargo/bin/. Ensure this directory is included in your system’s PATH environment variable to run the installed commands directly (e.g., rg, fd).
Important note regarding Cargo.lock and cargo install:
When you run cargo install, it builds the specified binary package from source. Unlike cargo build or cargo run (which, for a local project, will automatically use an existing Cargo.lock file to ensure reproducible builds), cargo install by default ignores the Cargo.lock file that might be present in the downloaded package’s source. Instead, it resolves dependencies based on Cargo.toml and creates a new Cargo.lock for the installation process.
This behavior is generally safe for libraries (where the exact dependency versions are less critical for the library itself, as the downstream application’s Cargo.lock will govern). However, for installing application binaries, it means you might get a different set of dependency versions than what the application developer used or tested with, potentially leading to different behavior or even breakage if a dependency introduced an incompatible change.
To ensure a reproducible installation that uses the exact dependency versions specified by the application’s developer (i.e., those recorded in the Cargo.lock file shipped with the package), you should use the --locked flag:
# Install with reproducible dependencies as specified by the package author
cargo install ripgrep --locked
Using --locked is highly recommended for installing application binary packages to ensure you get the same executable artifact that the author intended. If the package’s Cargo.lock file is missing or out of sync with Cargo.toml, cargo install --locked will fail, prompting the package author to fix their distribution.
Use cargo install --list to see installed packages. To update an installed package, run cargo install again with the same package name (or cargo install <package_name> --locked for reproducibility). To uninstall, use cargo uninstall <package_name>.