PkgRadar

Cargo · crates.io

vtcode

Rs Build Time Command: Process spawn (std::process::Command) at build time.

Why PkgRadar flagged 0.121.1

SeveritySignalEvidence
mediumRs Build Time CommandProcess spawn (std::process::Command) at build time. · vtcode-0.121.1/build.rs
mediumRemote Payloadmatched "curl " · vtcode-0.121.1/src/startup/dependency_advisories/notice.rs
mediumRemote Payloadmatched "curl " · vtcode-0.121.1/src/updater/install_source.rs

Scanned versions

VersionVerdictScoreScanned (UTC)
0.121.1Review372026-06-03
0.121.0Review372026-06-03
0.120.0Review372026-06-03
0.119.0Review372026-06-03
0.118.0Review372026-06-03
0.117.7Review372026-06-03
0.117.6Review372026-06-03
0.117.5Review372026-06-02
0.117.4Review372026-06-02
0.117.3Review372026-06-02
0.117.2Review372026-06-02
0.117.1Review372026-06-01
0.117.0Review372026-06-01
0.116.4Review372026-05-31
0.116.3Review372026-05-31
0.116.2Review372026-05-31
0.116.1Review372026-05-31
0.116.0Review372026-05-30
0.115.0Review372026-05-30
0.114.0Review372026-05-29
0.113.0Review412026-05-28
0.112.0Review412026-05-28
0.111.1Review412026-05-28

Block this in CI

PkgRadar gates vtcode (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]
Start free — 25 scans / moView full evidence