Cargo · crates.io

tauri-bundler

Remote Payload: matched "github.com/tauri-apps/binary-releases/releases/download"

Why PkgRadar flagged 2.9.3

Severity	Signal	Evidence
medium	Remote Payload	matched "github.com/tauri-apps/binary-releases/releases/download" · tauri-bundler-2.9.3/src/bundle/linux/appimage/linuxdeploy.rs
medium	Remote Payload	matched "github.com/wixtoolset/wix3/releases/download" · tauri-bundler-2.9.3/src/bundle/windows/msi/mod.rs
medium	Remote Payload	matched "github.com/tauri-apps/binary-releases/releases/download" · tauri-bundler-2.9.3/src/bundle/windows/nsis/mod.rs
medium	Remote Payload	matched "github.com/([^/]+)/([^/]+)/releases/download" · tauri-bundler-2.9.3/src/utils/http_utils.rs

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2.9.3`	Review	14	2026-06-17

Block this in CI

PkgRadar gates tauri-bundler (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]