PkgRadar

Cargo · crates.io

libduckdb-sys

Rs Build Time Network: HTTP / TCP network call inside build.rs — downloads at compile time.

Why PkgRadar flagged 1.10504.0

SeveritySignalEvidence
highRs Build Time NetworkHTTP / TCP network call inside build.rs — downloads at compile time. · libduckdb-sys-1.10504.0/build.rs
mediumRemote Payloadmatched "github.com/duckdb/duckdb/releases/download" · libduckdb-sys-1.10504.0/build.rs

Scanned versions

VersionVerdictScoreScanned (UTC)
1.10504.0High risk312026-06-17
1.4.5High risk312026-06-17

Block this in CI

PkgRadar gates libduckdb-sys (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]
Start free — 25 scans / moView full evidence
libduckdb-sys — Cargo security scan | PkgRadar