Coverage go

Go modules `proxy.golang.org`

Go. Modules are immutable in the public proxy, so the supply-chain surface is install-time init() side effects, cgo C code, build-tagged stubs, and `replace` redirects. Scanner is preview-quality (proxy.golang.org existence check + module zip walk pending).

Packages scanned

119,029

High risk

1,229

Review

20,209

High-severity findings

629

Last scan

37s ago

Install-time attack surface

build-tagged init() functions, cgo preamble, `go:generate` directives, and `replace` clauses

Supported lockfile formats

go.mod
go.sum

Spec format

pkgradar gate --ecosystem go github.com/sirupsen/[email protected]

Recent activity

The corpus-wide release feed lives on /campaigns. A per-ecosystem release feed for Go modules is on the roadmap — the stats above are filtered to this ecosystem in the meantime.

Other ecosystems