PkgRadar

Go modules · proxy.golang.org

github.com/PinchTab/pinchtab

Known Indicator Filename: github.com/pinchtab/[email protected]/internal/assets/stealth.js

Why PkgRadar flagged v0.12.0

SeveritySignalEvidence
highKnown Indicator Filenamegithub.com/pinchtab/[email protected]/internal/assets/stealth.js · github.com/pinchtab/[email protected]/internal/assets/stealth.js
mediumRemote Payloadmatched "cURL " · github.com/pinchtab/[email protected]/internal/cli/actions/actions_network.go
mediumRemote Payloadmatched "cURL " · github.com/pinchtab/[email protected]/internal/cli/report/startup.go
mediumRemote Payloadmatched "raw.githubusercontent.com" · github.com/pinchtab/[email protected]/internal/config/config_file.go

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.12.0High risk812026-06-12
v0.13.2High risk812026-06-12

Block this in CI

PkgRadar gates github.com/PinchTab/pinchtab (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/PinchTab/[email protected]
Start free — 25 scans / moView full evidence