Go modules · proxy.golang.org

github.com/chillibits/spice

Remote Payload: matched "curl "

Why PkgRadar flagged v0.0.0-20260527190941-c60f7fc55a46

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · github.com/chillibits/[email protected]/setup-libs.sh
medium	Remote Payload	matched "wget " · github.com/chillibits/[email protected]/tools/codespace-setup.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260614225434-35379f9a7b84`	Low risk	0	2026-06-15
`v0.0.0-20260614223820-d4ae7f234754`	Low risk	0	2026-06-15
`v0.0.0-20260614153013-4fc8229aa078`	Low risk	0	2026-06-15
`v0.0.0-20260611113625-090d94cdd0c5`	Low risk	0	2026-06-12
`v0.0.0-20260610082518-ee7845cb6943`	Low risk	0	2026-06-11
`v0.0.0-20260609162938-fe661b8c1d9e`	Low risk	0	2026-06-10
`v0.0.0-20260608183519-1d61a9508390`	Low risk	0	2026-06-10
`v0.0.0-20260607191411-cc8e135e0353`	Low risk	0	2026-06-08
`v0.0.0-20260607183300-8c9909619649`	Low risk	0	2026-06-08
`v0.0.0-20260605171757-304d832dddc5`	Low risk	0	2026-06-07
`v0.0.0-20260604213039-6801143f1edc`	Low risk	0	2026-06-06
`v0.0.0-20260601224910-d97dee5e7afc`	Low risk	0	2026-06-03
`v0.0.0-20260529133954-70ff77b021fc`	Low risk	0	2026-05-30
`v0.0.0-20260528225036-d0abed19139c`	Low risk	0	2026-05-30
`v0.0.0-20260527190941-c60f7fc55a46`	Review	24	2026-05-29

Block this in CI

PkgRadar gates github.com/chillibits/spice (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/chillibits/[email protected]