PkgRadar

Cargo · crates.io

npcsh

Remote Payload

Why PkgRadar flagged 2.1.2

SeveritySignalEvidence
mediumRemote Payload

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
2.1.2Review122026-07-09
2.1.1Low risk02026-07-09
1.2.37Low risk02026-07-08
1.2.36Low risk02026-07-08
1.2.35Low risk02026-07-07
1.2.34Low risk02026-07-06
1.2.33Low risk02026-07-05
1.2.32Low risk02026-07-03
1.2.31Low risk02026-07-01
1.2.30Low risk02026-06-29
1.2.29Low risk02026-06-25
1.2.28Low risk02026-06-25
1.2.27Low risk02026-06-21
1.2.26Low risk02026-06-21
1.2.25Low risk02026-06-21
1.2.23Low risk02026-06-20
1.2.22Low risk02026-06-19
1.2.20Low risk02026-06-12
1.2.19Low risk02026-06-04
1.2.18Low risk02026-06-03
1.2.17Low risk02026-06-03

Block this in CI

PkgRadar gates npcsh (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]
npcsh — Cargo security scan | PkgRadar