I personally would love to see a heavily moderated, curated, security hardened crates repository as an alternative to crates.io that contains only well-maintained, security audited, organizationally vetted crates.

For organizations that have regulatory, safety, strong security etc concerns (a market Rust is a natural fit for) this could be critically important. But even more so I would just use it. I am tired of my `cargo tree` rapidly turning into an exploding maze. I don't want 3 different MD5 or rand or cryptography or http packages used in one static linkage, and I don't want them bringing in an exploding maze of transitive dependencies of their own.

Are you aware of https://lib.rs/ ? Not "heavily", and a catalogue rather than a repository, but it's opinionated and curated.