PkgRadar

Go modules · proxy.golang.org

github.com/circleci/ex

Remote Payload: matched "github.com/circleci/ex/releases/download"

Why PkgRadar flagged v1.0.21508-8dadd8f

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/circleci/ex/releases/download" · github.com/circleci/[email protected]/testing/releases/latest.go

Scanned versions

VersionVerdictScoreScanned (UTC)
v1.0.21508-8dadd8fReview122026-06-12
v1.0.21402-fc22e8cReview122026-06-05
v1.0.21361-c8a40dfReview122026-06-03
v1.0.21320-cc555c8Review122026-05-30

Block this in CI

PkgRadar gates github.com/circleci/ex (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/circleci/[email protected]
Start free — 25 scans / moView full evidence