Go modules · proxy.golang.org
github.com/alessandro-bitetto/chaindora
Known Indicator Filename: github.com/alessandro-bitetto/[email protected]/testdata/fake-home/somerepo/.github/workflows/shai-hulud-workflow.yml
Why PkgRadar flagged v0.16.1
| Severity | Signal | Evidence |
|---|---|---|
| high | Known Indicator Filename | github.com/alessandro-bitetto/[email protected]/testdata/fake-home/somerepo/.github/workflows/shai-hulud-workflow.yml · github.com/alessandro-bitetto/[email protected]/testdata/fake-home/somerepo/.github/workflows/shai-hulud-workflow.yml |
| high | Known Indicator Filename | github.com/alessandro-bitetto/[email protected]/testdata/ghactions/.github/workflows/shai-hulud-workflow.yml · github.com/alessandro-bitetto/[email protected]/testdata/ghactions/.github/workflows/shai-hulud-workflow.yml |
| medium | Remote Payload | matched "curl " · github.com/alessandro-bitetto/[email protected]/internal/detectors/heuristic/cishell.go |
| medium | Remote Payload | matched "invoke-webrequest" · github.com/alessandro-bitetto/[email protected]/internal/detectors/hostforensics/powershell.go |
| medium | Remote Payload | matched "curl " · github.com/alessandro-bitetto/[email protected]/internal/detectors/hostforensics/shellrc.go |
| medium | Remote Payload | matched "raw.githubusercontent.com" · github.com/alessandro-bitetto/[email protected]/internal/detectors/trustdrift/trustdrift.go |
| medium | Remote Payload | matched "raw.githubusercontent.com" · github.com/alessandro-bitetto/[email protected]/internal/findings/sarif.go |
| medium | Remote Payload | matched "cURL " · github.com/alessandro-bitetto/[email protected]/internal/registries/maven.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.16.1 | High risk | 185 | 2026-06-12 |
Block this in CI
pkgradar gate --ecosystem go github.com/alessandro-bitetto/[email protected]