PkgRadar

Cargo · crates.io

safeinstall

Remote Payload: matched "invoke-webrequest"

Why PkgRadar flagged 0.1.0

SeveritySignalEvidence
mediumRemote Payloadmatched "invoke-webrequest" · safeinstall-0.1.0/src/analyzer.rs
mediumRemote Payloadmatched "curl " · safeinstall-0.1.0/src/command.rs
mediumRemote Payloadmatched "raw.githubusercontent.com" · safeinstall-0.1.0/src/reputation/domain.rs
mediumRemote Payloadmatched "curl " · safeinstall-0.1.0/src/source.rs

Scanned versions

VersionVerdictScoreScanned (UTC)
0.1.0High risk482026-06-05

Block this in CI

PkgRadar gates safeinstall (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]
Start free — 25 scans / moView full evidence