Cargo · crates.io

blueprint-remote-providers

Remote Payload: matched "curl "

Why PkgRadar flagged 0.2.0-alpha.9

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · blueprint-remote-providers-0.2.0-alpha.9/src/deployment/secure_commands.rs
medium	Remote Payload	matched "curl " · blueprint-remote-providers-0.2.0-alpha.9/src/deployment/secure_ssh.rs
medium	Remote Payload	matched "curl " · blueprint-remote-providers-0.2.0-alpha.9/src/deployment/ssh/client.rs
medium	Remote Payload	matched "curl " · blueprint-remote-providers-0.2.0-alpha.9/src/providers/gcp/mod.rs
medium	Remote Payload	matched "curl " · blueprint-remote-providers-0.2.0-alpha.9/src/providers/vultr/provisioner.rs

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.2.0-alpha.9`	High risk	95	2026-06-14

Block this in CI

PkgRadar gates blueprint-remote-providers (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]