Go modules · proxy.golang.org

github.com/abarbarov/nabu

Credential file access: matched ".ssh/"

Why PkgRadar flagged v0.0.0-20190801184215-120201e92e0b

Severity	Signal	Evidence
medium	Credential file access	matched ".ssh/" · github.com/abarbarov/[email protected]/builder/builder.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20180814193818-c637d3b9a42b`	Low risk	0	2026-06-10
`v0.0.0-20180814135654-1fbc278cd841`	Low risk	0	2026-06-10
`v0.0.0-20190801184215-120201e92e0b`	Review	10	2026-06-10

Block this in CI

PkgRadar gates github.com/abarbarov/nabu (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/abarbarov/[email protected]