Go modules · proxy.golang.org

github.com/ceph/ceph-nvmeof

Remote Payload: matched "curl "

Why PkgRadar flagged v0.0.0-20260528063900-f2a62f5b5241

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · github.com/ceph/[email protected]/tests/atom/clusterBuildTestsRun.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260615114039-c862723fe6dc`	Low risk	0	2026-06-16
`v0.0.0-20260615072827-9787fdf8a4fe`	Low risk	0	2026-06-16
`v0.0.0-20260615062644-e6f546020270`	Low risk	0	2026-06-16
`v0.0.0-20260610024111-26e38e798913`	Low risk	0	2026-06-11
`v0.0.0-20260609075922-8cb593ddb494`	Low risk	0	2026-06-10
`v0.0.0-20260608130729-8f002739e0eb`	Low risk	0	2026-06-09
`v0.0.0-20260607134053-0765573d1e7e`	Low risk	0	2026-06-08
`v0.0.0-20260607091332-5fd7e6b41822`	Low risk	0	2026-06-08
`v0.0.0-20260607074905-519a3c5ca516`	Low risk	0	2026-06-08
`v0.0.0-20260531145630-c2361d0a31d2`	Low risk	0	2026-06-01
`v0.0.0-20260528130205-be115f5be9c6`	Low risk	0	2026-05-29
`v0.0.0-20260528063900-f2a62f5b5241`	Review	17	2026-05-29

Block this in CI

PkgRadar gates github.com/ceph/ceph-nvmeof (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/ceph/[email protected]