Cargo · crates.io

syn

Rs Build Time Command: Process spawn (std::process::Command) at build time.

Why PkgRadar flagged 1.0.109

Severity	Signal	Evidence
medium	Rs Build Time Command	Process spawn (std::process::Command) at build time. · syn-1.0.109/build.rs

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2.0.118`	Low risk	0	2026-06-16
`1.0.109`	Review	9	2026-06-15
`2.0.114`	Low risk	0	2026-06-15
`2.0.38`	Low risk	0	2026-06-01
`2.0.57`	Low risk	0	2026-06-01
`2.0.48`	Low risk	0	2026-06-01
`2.0.117`	Low risk	0	2026-06-01

Block this in CI

PkgRadar gates syn (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]