Go modules · proxy.golang.org
github.com/ava-labs/avalanchego/graft/coreth
Go Generate Shell: //go:generate directive shells out to curl/wget/bash — runs during `go generate`.
Why PkgRadar flagged v1.14.3-0.20260609004932-345fdfaa749b
| Severity | Signal | Evidence |
|---|---|---|
| medium | Go Generate Shell | //go:generate directive shells out to curl/wget/bash — runs during `go generate`. · github.com/ava-labs/avalanchego/graft/[email protected]/plugin/evm/compile.go |
| medium | Remote Payload | matched "curl " · github.com/ava-labs/avalanchego/graft/[email protected]/go.sum |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v1.14.3-0.20260609004932-345fdfaa749b | Review | 27 | 2026-06-10 |
v1.14.3-0.20260603151011-1339ef45dc6c | Review | 27 | 2026-06-10 |
v1.14.3-0.20260602193739-919446e8501f | Review | 27 | 2026-06-05 |
v1.14.3-0.20260603174913-47c06ddd6529 | Review | 27 | 2026-06-04 |
v1.14.3-0.20260603133342-15a574a27d75 | Review | 27 | 2026-06-04 |
v1.14.3-0.20260603163712-fb174e8925ba | Review | 27 | 2026-06-04 |
v1.14.3-0.20260602150254-74e4738be230 | Review | 27 | 2026-06-03 |
v1.14.3-0.20260528202939-89ac856f8755 | Review | 27 | 2026-06-01 |
v0.0.0-20260528202939-89ac856f8755 | Review | 27 | 2026-06-01 |
Block this in CI
pkgradar gate --ecosystem go github.com/ava-labs/avalanchego/graft/[email protected]