Cargo · crates.io

x0x

Remote Payload: matched "github.com/saorsa-labs/x0x/releases/download"

Why PkgRadar flagged 0.24.0

Severity	Signal	Evidence
medium	Remote Payload	matched "github.com/saorsa-labs/x0x/releases/download" · x0x-0.24.0/src/bin/x0x-keygen.rs
medium	Remote Payload	matched "curl " · x0x-0.24.0/src/bin/x0x.rs
medium	Remote Payload	matched "curl " · x0x-0.24.0/src/cli/commands/upgrade.rs

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.24.0`	High risk	36	2026-06-15
`0.23.1`	High risk	36	2026-06-11
`0.23.0`	High risk	36	2026-06-10
`0.22.1`	High risk	36	2026-06-10
`0.22.0`	High risk	36	2026-06-10
`0.21.4`	High risk	36	2026-06-10
`0.21.3`	High risk	36	2026-06-07
`0.21.2`	High risk	36	2026-06-05
`0.21.1`	High risk	36	2026-06-04
`0.21.0`	High risk	36	2026-06-03
`0.20.2`	High risk	36	2026-06-02
`0.20.1`	High risk	36	2026-06-02
`0.20.0`	High risk	36	2026-06-02
`0.19.53`	Review	36	2026-05-30
`0.19.51`	High risk	36	2026-05-30
`0.19.50`	High risk	36	2026-05-30
`0.19.52`	Review	36	2026-05-29

Block this in CI

PkgRadar gates x0x (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]