Cargo · crates.io

codewhale-tui

Rs Build Time Command: Process spawn (std::process::Command) at build time.

Why PkgRadar flagged 0.8.59

Severity	Signal	Evidence
medium	Rs Build Time Command	Process spawn (std::process::Command) at build time. · codewhale-tui-0.8.59/build.rs
medium	Remote Payload	matched "raw.githubusercontent.com" · codewhale-tui-0.8.59/src/config.rs
medium	Remote Payload	matched "raw.githubusercontent.com" · codewhale-tui-0.8.59/src/network_policy.rs
medium	Remote Payload	matched "raw.githubusercontent.com" · codewhale-tui-0.8.59/src/skills/install.rs
medium	Remote Payload	matched "raw.githubusercontent.com" · codewhale-tui-0.8.59/src/tools/fetch_url.rs
medium	Remote Payload	matched "curl " · codewhale-tui-0.8.59/src/tools/shell/tests.rs
medium	Remote Payload	matched "curl " · codewhale-tui-0.8.59/src/tui/approval.rs
medium	Remote Payload	matched "raw.githubusercontent.com" · codewhale-tui-0.8.59/src/tui/markdown_render.rs

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.8.59`	High risk	119	2026-06-13
`0.8.58`	High risk	119	2026-06-11
`0.8.57`	High risk	119	2026-06-10
`0.8.56`	High risk	119	2026-06-10
`0.8.54`	High risk	119	2026-06-08
`0.8.53`	High risk	119	2026-06-04
`0.8.52`	High risk	119	2026-06-03
`0.8.50`	High risk	119	2026-06-02
`0.8.49`	High risk	119	2026-06-01
`0.8.48`	High risk	119	2026-06-01

Block this in CI

PkgRadar gates codewhale-tui (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]