PkgRadar

RubyGems · rubygems.org

rdkafka

Rb Install Time System: Direct shell invocation paired with eval/dynamic-require/network/deserialize.

Why PkgRadar flagged 0.28.0

| Severity | Signal | Evidence |
| --- | --- | --- |
| high | Rb Install Time System | Direct shell invocation paired with eval/dynamic-require/network/deserialize. · ext/Rakefile |
| high | Rb Install Time Backticks | Backtick / %x() shell-out paired with eval/dynamic-require/network/deserialize. · ext/Rakefile |
| high | Rb Install Time Network Call | Network call (Net::HTTP / URI.open / HTTParty / Faraday / RestClient) at install time. · ext/Rakefile |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 0.28.0 | Review | 40 | 2026-06-03 |

Block this in CI

PkgRadar gates rdkafka (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem rubygems [email protected]