PkgRadar

Cargo · crates.io

purl_validator

Rs Build Time Network: HTTP / TCP network call inside build.rs — downloads at compile time.

Why PkgRadar flagged 1.16.48

SeveritySignalEvidence
highRs Build Time NetworkHTTP / TCP network call inside build.rs — downloads at compile time. · purl_validator-1.16.48/build.rs
mediumRemote Payloadmatched "raw.githubusercontent.com" · purl_validator-1.16.48/build.rs

Scanned versions

VersionVerdictScoreScanned (UTC)
1.16.48High risk432026-06-04

Block this in CI

PkgRadar gates purl_validator (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]
Start free — 25 scans / moView full evidence