PkgRadar

Cargo · crates.io

alef

Rs Build Time Command: Process spawn (std::process::Command) at build time.

Why PkgRadar flagged 0.25.25

SeveritySignalEvidence
mediumRs Build Time CommandProcess spawn (std::process::Command) at build time. · alef-0.25.25/src/cli/pipeline/commands/build.rs
mediumRemote Payloadmatched "raw.githubusercontent.com" · alef-0.25.25/src/cli/commands/check_registry.rs
mediumRemote Payloadmatched "github.com/example/rustlib/releases/download" · alef-0.25.25/src/cli/pipeline/version_tests/swift_placeholder.rs
mediumRemote Payloadmatched "github.com/kreuzberg-dev/alef/releases/download" · alef-0.25.25/src/core/config/schema.rs
mediumRemote Payloadmatched "curl " · alef-0.25.25/src/e2e/codegen/c/project.rs
mediumRemote Payloadmatched "wget " · alef-0.25.25/src/e2e/codegen/java_mvnw.rs
mediumRemote Payloadmatched "curl " · alef-0.25.25/src/e2e/codegen/php/project.rs
mediumRemote Payloadmatched "github.com/example/releases/download" · alef-0.25.25/src/e2e/codegen/zig/hash.rs
mediumRemote Payloadmatched "github.com/example/my-lib/releases/download" · alef-0.25.25/src/scaffold/languages/swift.rs

Scanned versions

VersionVerdictScoreScanned (UTC)
0.25.25High risk1262026-06-17
0.25.24High risk1262026-06-17
0.25.23High risk1262026-06-16
0.25.21High risk1262026-06-16
0.25.20High risk1262026-06-16
0.25.19High risk1262026-06-16
0.25.18High risk1262026-06-16
0.25.17High risk1262026-06-15
0.25.16High risk1262026-06-15
0.25.15High risk1262026-06-15
0.25.14High risk1262026-06-15
0.25.13High risk1262026-06-15
0.25.12High risk1262026-06-15
0.25.11High risk1262026-06-15
0.25.10High risk1262026-06-15
0.25.9High risk1262026-06-15
0.25.7High risk1262026-06-14
0.25.5High risk1142026-06-14
0.25.4High risk1142026-06-14
0.25.3High risk1142026-06-14
0.25.2High risk1142026-06-14
0.25.1High risk1142026-06-14
0.24.17High risk1142026-06-13
0.24.16High risk1142026-06-13
0.24.14High risk1142026-06-12
0.24.13High risk1142026-06-12
0.24.12High risk842026-06-12
0.24.10High risk842026-06-12
0.24.9High risk842026-06-12
0.24.8High risk842026-06-11
0.24.7High risk842026-06-11
0.24.6High risk842026-06-11
0.24.5High risk842026-06-11
0.24.4High risk842026-06-11
0.24.3High risk842026-06-11
0.24.2High risk842026-06-11
0.24.1High risk722026-06-10
0.24.0High risk722026-06-10
0.23.76High risk722026-06-10
0.23.74High risk722026-06-10
0.23.72High risk722026-06-10
0.23.73High risk722026-06-10
0.23.71High risk722026-06-09
0.23.70High risk722026-06-09
0.23.69High risk722026-06-09
0.23.67High risk722026-06-09
0.23.66High risk722026-06-09
0.23.65High risk722026-06-09
0.23.63High risk722026-06-09
0.23.61High risk722026-06-09
0.23.60High risk722026-06-09
0.23.59High risk722026-06-09
0.23.57High risk722026-06-09
0.23.56High risk722026-06-09
0.23.55High risk722026-06-09
0.23.53High risk722026-06-09
0.23.52High risk722026-06-09
0.23.51High risk722026-06-09
0.23.50High risk722026-06-08
0.23.49High risk722026-06-08
0.23.48High risk722026-06-08
0.23.47High risk722026-06-08
0.23.46High risk722026-06-08
0.23.44High risk722026-06-08
0.23.42High risk722026-06-08
0.23.39High risk722026-06-08
0.23.37High risk722026-06-08
0.23.36High risk722026-06-08
0.23.35High risk722026-06-08
0.23.34High risk722026-06-08
0.23.33High risk722026-06-08
0.23.32High risk722026-06-08
0.23.31High risk722026-06-07
0.23.30High risk722026-06-07
0.23.29High risk722026-06-07
0.23.27High risk722026-06-07
0.23.26High risk722026-06-07
0.23.25High risk722026-06-07
0.23.24High risk722026-06-06
0.23.23High risk842026-06-06
0.23.22High risk842026-06-06
0.23.21High risk842026-06-06
0.23.20High risk842026-06-06
0.23.18High risk842026-06-06
0.23.17High risk842026-06-06
0.23.16High risk722026-06-05
0.23.14High risk722026-06-05
0.23.15High risk722026-06-05
0.23.13High risk722026-06-05
0.23.12High risk722026-06-05
0.23.11High risk722026-06-05
0.23.10High risk722026-06-05
0.23.9High risk722026-06-05
0.23.8High risk722026-06-05
0.23.6High risk722026-06-05
0.23.4High risk722026-06-05
0.23.1High risk722026-06-04
0.23.0High risk722026-06-04
0.22.33High risk842026-06-04
0.22.28High risk842026-06-04
0.22.27High risk842026-06-04
0.22.26High risk842026-06-04
0.22.25High risk842026-06-04
0.22.24High risk842026-06-04
0.22.23High risk842026-06-03
0.22.22High risk842026-06-03
0.22.20High risk842026-06-03
0.22.19High risk722026-06-03
0.22.18High risk722026-06-03
0.22.17High risk722026-06-03
0.22.15High risk722026-06-03
0.22.7High risk722026-06-03
0.22.0High risk602026-06-03
0.21.1High risk602026-06-02
0.21.0High risk602026-06-01
0.20.9High risk602026-05-30
0.20.8High risk602026-05-30
0.20.6High risk602026-05-30
0.20.7High risk602026-05-30
0.20.4High risk602026-05-30
0.20.5High risk602026-05-30
0.20.2High risk602026-05-30
0.20.1High risk482026-05-30
0.20.0High risk482026-05-30
0.19.25High risk482026-05-30
0.19.23High risk482026-05-30
0.19.22High risk482026-05-30
0.19.21High risk482026-05-30
0.20.15Review602026-05-29

Block this in CI

PkgRadar gates alef (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]
Start free — 25 scans / moView full evidence