PkgRadar

Go modules · proxy.golang.org

github.com/aphexcx/beads

Remote Payload: matched "curl "

Why PkgRadar flagged v0.49.2

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · github.com/aphexcx/[email protected]/cmd/bd/doctor/claude.go
mediumRemote Payloadmatched "curl " · github.com/aphexcx/[email protected]/cmd/bd/doctor/version.go
mediumRemote Payloadmatched "curl " · github.com/aphexcx/[email protected]/cmd/bd/init_templates.go
mediumRemote Payloadmatched "curl " · github.com/aphexcx/[email protected]/cmd/bd/jira.go

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.49.2High risk482026-06-13
v0.49.3High risk482026-06-13
v0.54.1Review242026-06-13
v0.55.0Review242026-06-13
v0.9.9Low risk02026-06-13
v0.55.1Review242026-06-13
v0.34.0High risk362026-06-13
v0.56.1Review242026-06-13
v0.9.8Low risk02026-06-13
v0.35.0High risk362026-06-13
v0.54.0Review242026-06-13
v0.9.10Low risk02026-06-13
v0.17.0Low risk02026-06-13
v0.51.0Review242026-06-13
v0.47.2High risk482026-06-13
v0.46.0High risk482026-06-13
v0.29.0Review242026-06-13
v0.30.0Review242026-06-13
v0.39.0High risk362026-06-13
v0.30.2Review242026-06-13
v0.24.4High risk362026-06-13
v0.16.0Low risk02026-06-13
v0.30.1Review242026-06-13
v0.49.1High risk482026-06-13
v0.9.11Low risk02026-06-13
v0.9.4Low risk02026-06-13
v0.50.2High risk362026-06-13
v0.58.0Review242026-06-13
v0.59.1-0.20260424205641-f368f98830ceHigh risk482026-06-13
v0.59.0Review242026-06-13
v0.17.7Low risk02026-06-13
v0.59.1-0.20260611051825-040372972524High risk482026-06-13

Block this in CI

PkgRadar gates github.com/aphexcx/beads (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/aphexcx/[email protected]
Start free — 25 scans / moView full evidence