Go modules · proxy.golang.org

github.com/DataDog/dd-trace-go/contrib/graph-gophers/graphql-go/v2

Go Mod Replace Local: go.mod replace directive redirects to a local filesystem path — non-portable / dev-time only.

Why PkgRadar flagged v2.9.0-dev.0.20260527180125-5e9edeb0c504

Severity	Signal	Evidence
medium	Go Mod Replace Local	go.mod replace directive redirects to a local filesystem path — non-portable / dev-time only. · github.com/datadog/dd-trace-go/contrib/graph-gophers/graphql-go/[email protected]/go.mod

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v2.9.0-dev.0.20260603175041-72b6fb0904bc`	Low risk	0	2026-06-04
`v2.9.0-dev.0.20260603142526-9d73480f12ce`	Low risk	0	2026-06-04
`v2.9.0-dev.0.20260529131851-560307d67362`	Low risk	0	2026-05-30
`v2.9.0-dev.0.20260528184834-a37e8b7816e2`	Low risk	0	2026-05-30
`v2.9.0-dev.0.20260527180125-5e9edeb0c504`	Review	10	2026-05-29

Block this in CI

PkgRadar gates github.com/DataDog/dd-trace-go/contrib/graph-gophers/graphql-go/v2 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/DataDog/dd-trace-go/contrib/graph-gophers/graphql-go/[email protected]

Start free — 25 scans / mo View full evidence