Go modules · proxy.golang.org

github.com/aikidosec/safechain-internals

Remote Payload: matched "cURL "

Why PkgRadar flagged v0.0.2

Severity	Signal	Evidence
medium	Remote Payload	matched "cURL " · github.com/aikidosec/[email protected]/internal/platform/platform_darwin.go
medium	Remote Payload	matched "cURL " · github.com/aikidosec/[email protected]/internal/platform/platform_darwin_debug_utils.go
medium	Remote Payload	matched "cURL " · github.com/aikidosec/[email protected]/internal/platform/platform_windows.go
medium	Remote Payload	matched "cURL " · github.com/aikidosec/[email protected]/internal/proxy/common.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v1.6.5`	Low risk	0	2026-06-16
`v1.6.4`	Low risk	0	2026-06-13
`v1.6.2-0.20260609140929-18aa4666bf23`	Low risk	0	2026-06-10
`v0.0.2`	High risk	48	2026-06-08
`v1.0.0-s3-test`	High risk	48	2026-06-08
`v1.5.12-0.20260606190703-8084d0d57a4a`	High risk	53	2026-06-08
`v1.5.11`	High risk	48	2026-06-08
`v1.5.11-0.20260604161001-0a2ecef8f535`	High risk	48	2026-06-05
`v1.5.10`	High risk	48	2026-06-05
`v1.5.10-0.20260604100431-cdc9406f3951`	High risk	48	2026-06-05
`v1.5.9`	High risk	48	2026-06-05
`v1.5.9-0.20260601164045-ef93ba7f89bf`	High risk	48	2026-06-02
`v1.5.7`	Review	48	2026-05-29

Block this in CI

PkgRadar gates github.com/aikidosec/safechain-internals (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/aikidosec/[email protected]