There's cargo vet, cargo audit and I think various other tools. There's also a process for reporting and removing malicious ones and stuff like that, like you'd expect. Rust didn't really have a major supply chain attack as I'm avare. I remember one typo-squat with malicious code, but that was found pretty quickly and don't think it was exploited.