Go modules · proxy.golang.org
github.com/certusone/wormhole/node
Remote Payload: matched "cURL "
Why PkgRadar flagged v0.0.0-20260615230229-a7500b66f1ea
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "cURL " · github.com/certusone/wormhole/[email protected]/cmd/ccq/p2p.go |
| medium | Remote Payload | matched "cURL " · github.com/certusone/wormhole/[email protected]/cmd/guardiand/node.go |
| medium | Remote Payload | matched "cUrl " · github.com/certusone/wormhole/[email protected]/cmd/spy/vaa_verifier.go |
| medium | Remote Payload | matched "curl " · github.com/certusone/wormhole/[email protected]/go.sum |
| medium | Remote Payload | matched "cURL " · github.com/certusone/wormhole/[email protected]/pkg/manager/reader.go |
| medium | Remote Payload | matched "cURL " · github.com/certusone/wormhole/[email protected]/pkg/suiclient/suigrpc.go |
| medium | Remote Payload | matched "cUrl " · github.com/certusone/wormhole/[email protected]/pkg/watchers/solana/client.go |
| medium | Go Mod Replace Local | go.mod replace directive redirects to a local filesystem path — non-portable / dev-time only. · github.com/certusone/wormhole/[email protected]/go.mod |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.0.0-20260615230229-a7500b66f1ea | High risk | 94 | 2026-06-17 |
v0.0.0-20260610171603-3041c74836bd | High risk | 94 | 2026-06-11 |
v0.0.0-20260605144433-b943bb85603f | High risk | 94 | 2026-06-06 |
v0.0.0-20260604174850-afc42b08226d | High risk | 94 | 2026-06-05 |
v0.0.0-20260604083418-194fe7ba92e7 | High risk | 82 | 2026-06-05 |
v0.0.0-20260528191307-79fc4b784aee | Review | 82 | 2026-05-29 |
v0.0.0-20260528182817-f2767b1dae04 | Review | 82 | 2026-05-29 |
v0.0.0-20260528162151-26bf0f6f7e2e | Review | 82 | 2026-05-29 |
Block this in CI
pkgradar gate --ecosystem go github.com/certusone/wormhole/[email protected]