Cargo · crates.io

hydra-sync

Credential File Packaged: hydra-sync-1.0.0-beta.5/.env

Why PkgRadar flagged 1.0.0-beta.5

Severity	Signal	Evidence
high	Credential File Packaged	hydra-sync-1.0.0-beta.5/.env · hydra-sync-1.0.0-beta.5/.env
medium	Suspicious Publish Context	{"package_age_days":2,"publisher":"ronak ghosh","burst_same_day":2,"burst_week":3,"lure":null,"version_anomaly":false,"new_account":false}

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.0.0-beta.5`	High risk	45	2026-06-15
`1.0.0-beta.4`	High risk	45	2026-06-15
`1.0.0-beta.3`	Low risk	0	2026-06-14
`1.0.0-beta.2`	Low risk	0	2026-06-13

Block this in CI

PkgRadar gates hydra-sync (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]