Cargo · crates.io

prek

Rs Build Time Command: Process spawn (std::process::Command) at build time.

Why PkgRadar flagged 0.4.4

Severity	Signal	Evidence
medium	Rs Build Time Command	Process spawn (std::process::Command) at build time. · prek-0.4.4/build.rs
medium	Remote Payload	matched "github.com/oven-sh/bun/releases/download" · prek-0.4.4/src/languages/bun/installer.rs
medium	Remote Payload	matched "github.com/astral-sh/uv/releases/download" · prek-0.4.4/src/languages/python/uv.rs

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.4.4`	Review	41	2026-06-04

Block this in CI

PkgRadar gates prek (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]