PkgRadar

Go modules · proxy.golang.org

git.golaxy.org/scaffold

Remote Payload: matched "WGet "

Why PkgRadar flagged v0.2.9-0.20260602101800-4e8a9e494d30

SeveritySignalEvidence
mediumRemote Payloadmatched "WGet " · git.golaxy.org/[email protected]/addins/goscr/fwlib/git_golaxy_org-core-ec-pt.go
mediumRemote Payloadmatched "WGet " · git.golaxy.org/[email protected]/addins/goscr/fwlib/git_golaxy_org-framework-addins-discovery.go
mediumRemote Payloadmatched "WGet " · git.golaxy.org/[email protected]/addins/goscr/fwlib/git_golaxy_org-framework-addins-gate.go

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.2.9-0.20260602101800-4e8a9e494d30High risk362026-06-03
v0.2.9-0.20260530115209-5fd75c384a96High risk362026-05-31

Block this in CI

PkgRadar gates git.golaxy.org/scaffold (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go git.golaxy.org/[email protected]
Start free — 25 scans / moView full evidence