Cargo · crates.io

vrc-get-vpm

Remote Payload: matched "github.com/kibalab/material-merger/releases/download"

Why PkgRadar flagged 0.0.16-rc.0

Severity	Signal	Evidence
medium	Remote Payload	matched "github.com/kibalab/material-merger/releases/download" · vrc-get-vpm-0.0.16-rc.0/src/package_manifest/mod.rs

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.0.16-rc.0`	Review	6	2026-05-30

Block this in CI

PkgRadar gates vrc-get-vpm (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]