Go modules · proxy.golang.org
github.com/Q16G/aster
Remote Payload: matched "curl "
Why PkgRadar flagged v1.1.0-alpha-3
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · github.com/q16g/[email protected]/internal/builtin_tools/cmd_exec.go |
| medium | Remote Payload | matched "invoke-webrequest" · github.com/q16g/[email protected]/internal/builtin_tools/powershell_safety.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v1.1.0-alpha-3 | Review | 27 | 2026-06-02 |
v1.0.0-beta.0.20260530103336-81a55fa8593a | Review | 27 | 2026-06-01 |
v1.0.0-beta | Review | 27 | 2026-06-01 |
v0.1.0-alpha-9.0.20260528084440-89e73477515e | Review | 27 | 2026-05-31 |
v0.1.0-alpha-9 | Review | 27 | 2026-05-31 |
Block this in CI
pkgradar gate --ecosystem go github.com/Q16G/[email protected]