PkgRadar

Cargo · crates.io

zoi-rs

Remote Payload: matched "curl "

Why PkgRadar flagged 1.18.5

| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · zoi-rs-1.18.5/src/pkg/package/docker.rs |
| medium | Remote Payload | matched "raw.githubusercontent.com" · zoi-rs-1.18.5/src/pkg/package/init_lsp.rs |
| medium | Remote Payload | matched "raw.githubusercontent.com" · zoi-rs-1.18.5/src/pkg/purl.rs |
| medium | Remote Payload | matched "raw.githubusercontent.com" · zoi-rs-1.18.5/src/pkg/repo_install.rs |
| medium | Remote Payload | matched "raw.githubusercontent.com" · zoi-rs-1.18.5/src/pkg/resolve.rs |
| medium | Remote Payload | matched "raw.githubusercontent.com" · zoi-rs-1.18.5/src/pkg/sync.rs |

Scanned versions

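| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 1.18.5 | High risk | 43 | 2026-06-14 |
| 1.18.4 | High risk | 43 | 2026-06-13 |
| 1.18.3 | High risk | 43 | 2026-06-08 |
| 1.18.2 | High risk | 43 | 2026-06-08 |
| 1.18.1 | High risk | 43 | 2026-06-08 |
| 1.18.0 | High risk | 43 | 2026-06-07 |
| 1.17.0 | High risk | 43 | 2026-06-04 |
| 1.16.1 | High risk | 43 | 2026-06-03 |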

Block this in CI

PkgRadar gates zoi-rs (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem cargo [email protected]