Cargo · crates.io

whetstone-cli

Remote Payload: matched "curl "

Why PkgRadar flagged 2.5.1

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · whetstone-cli-2.5.1/src/preflight.rs
medium	Remote Payload	matched "raw.githubusercontent.com" · whetstone-cli-2.5.1/src/rtk.rs
medium	Remote Payload	matched "curl " · whetstone-cli-2.5.1/src/setup.rs
medium	Remote Payload	matched "raw.githubusercontent.com" · whetstone-cli-2.5.1/src/update.rs

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2.5.1`	High risk	48	2026-05-30
`2.5.0`	High risk	48	2026-05-30
`2.4.0`	High risk	48	2026-05-30

Block this in CI

PkgRadar gates whetstone-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]