Go modules · proxy.golang.org

github.com/chainreactors/fingers

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged v1.2.2-0.20260615064219-7e07a99c93e0

Severity	Signal	Evidence
medium	Remote Payload	matched "raw.githubusercontent.com" · github.com/chainreactors/[email protected]/cmd/transform/transform.go
medium	Remote Payload	matched "raw.githubusercontent.com" · github.com/chainreactors/[email protected]/wappalyzer/cmd/update-fingerprints/main.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v1.2.2-0.20260615064219-7e07a99c93e0`	Review	24	2026-06-16
`v1.2.2-0.20260614153228-b80596213a73`	Review	24	2026-06-16
`v1.2.2-0.20260611155635-f5c144ea1c12`	Review	24	2026-06-13
`v1.2.1`	Review	24	2026-06-09
`v1.2.1-0.20260608084741-385e7d586d6f`	Review	24	2026-06-09
`v1.2.1-0.20260530143622-9b9b6fe7ccf7`	Review	24	2026-05-31
`v1.2.1-0.20260529110839-4ef9e98d4d18`	Review	24	2026-05-30
`v1.2.1-0.20260529085838-ee9b15942808`	Review	24	2026-05-30
`v1.2.1-0.20260529085838-71a09ca1823c`	Review	24	2026-05-30
`v1.2.1-0.20260529083006-83caf4d94314`	Review	24	2026-05-30

Block this in CI

PkgRadar gates github.com/chainreactors/fingers (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/chainreactors/[email protected]