Cargo · crates.io

lean-ctx

Remote Payload: matched "curl "

Why PkgRadar flagged 3.8.8

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · lean-ctx-3.8.8/src/cli/init_cmd.rs
medium	Remote Payload	matched "curl " · lean-ctx-3.8.8/src/cli/session_cmd.rs
medium	Remote Payload	matched "curl " · lean-ctx-3.8.8/src/cli/shell_init.rs
medium	Remote Payload	matched "curl " · lean-ctx-3.8.8/src/core/compression_safety.rs
medium	Remote Payload	matched "curl " · lean-ctx-3.8.8/src/core/patterns/curl.rs
medium	Remote Payload	matched "curl " · lean-ctx-3.8.8/src/core/patterns/mod.rs
medium	Remote Payload	matched "curl " · lean-ctx-3.8.8/src/core/sandbox_seatbelt.rs
medium	Remote Payload	matched "curl " · lean-ctx-3.8.8/src/core/shell_allowlist/tests.rs
medium	Remote Payload	matched "curl " · lean-ctx-3.8.8/src/hook_handlers/tests.rs
medium	Remote Payload	matched "curl " · lean-ctx-3.8.8/src/shell/compress/tests.rs
medium	Remote Payload	matched "curl " · lean-ctx-3.8.8/src/shell/output_policy.rs
medium	Remote Payload	matched "curl " · lean-ctx-3.8.8/src/tools/ctx_shell.rs

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`3.8.8`	High risk	110	2026-06-17
`3.8.7`	High risk	110	2026-06-15
`3.8.6`	High risk	110	2026-06-15
`3.8.5`	High risk	110	2026-06-14
`3.8.4`	High risk	110	2026-06-13
`3.8.3`	High risk	110	2026-06-13
`3.8.2`	High risk	110	2026-06-12
`3.8.1`	High risk	110	2026-06-12
`3.8.0`	High risk	110	2026-06-12
`3.7.5`	High risk	95	2026-06-06
`3.7.4`	High risk	95	2026-06-06
`3.7.3`	High risk	95	2026-06-04
`3.7.2`	High risk	95	2026-06-04
`3.7.1`	High risk	95	2026-06-03
`3.7.0`	High risk	95	2026-06-01
`3.6.23`	High risk	95	2026-05-30
`3.6.22`	High risk	95	2026-05-30
`3.6.21`	High risk	95	2026-05-30
`3.6.20`	High risk	95	2026-05-30
`3.6.26`	Review	95	2026-05-30
`3.6.25`	Review	95	2026-05-30
`3.6.24`	Review	95	2026-05-29

Block this in CI

PkgRadar gates lean-ctx (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]