PkgRadar

Cargo · crates.io

rialo-build-lib

Remote Payload: matched "github.com/riscv-collab/riscv-gnu-toolchain/releases/download"

Why PkgRadar flagged 0.11.0-alpha.0

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/riscv-collab/riscv-gnu-toolchain/releases/download" · rialo-build-lib-0.11.0-alpha.0/src/toolchain/gnu_riscv.rs
mediumRemote Payloadmatched "github.com/subzerolabs/rialo-toolchains/releases/download" · rialo-build-lib-0.11.0-alpha.0/src/toolchain/rialo_rust.rs

Scanned versions

VersionVerdictScoreScanned (UTC)
0.11.0-alpha.0Review392026-06-15
0.10.2Review392026-06-15

Block this in CI

PkgRadar gates rialo-build-lib (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]
Start free — 25 scans / moView full evidence