PkgRadar

Go modules · proxy.golang.org

github.com/cjairm/devgita

Remote Payload: matched "curl "

Why PkgRadar flagged v0.21.2

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · github.com/cjairm/[email protected]/internal/apps/claude/claude.go
mediumRemote Payloadmatched "github.com/jesseduffield/lazydocker/releases/download" · github.com/cjairm/[email protected]/internal/apps/lazydocker/lazydocker.go
mediumRemote Payloadmatched "github.com/jesseduffield/lazygit/releases/download" · github.com/cjairm/[email protected]/internal/apps/lazygit/lazygit.go
mediumRemote Payloadmatched "github.com/neovim/neovim/releases/download" · github.com/cjairm/[email protected]/internal/apps/neovim/neovim.go
mediumRemote Payloadmatched "curl " · github.com/cjairm/[email protected]/internal/commands/macos.go
mediumRemote Payloadmatched "Curl " · github.com/cjairm/[email protected]/pkg/constants/constants.go

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.21.2High risk802026-06-11
v0.21.0High risk802026-06-10
v0.21.1High risk802026-06-10
v0.20.13-0.20260603170409-a4736323cb03High risk802026-06-05
v0.20.3High risk802026-06-03
v0.20.8High risk802026-06-03
v0.20.9High risk802026-06-03
v0.20.7High risk802026-06-03
v0.20.5High risk802026-06-03
v0.20.4High risk802026-06-03
v0.20.6High risk802026-06-03
v0.20.10High risk802026-06-03
v0.20.1High risk802026-06-03
v0.20.2High risk802026-06-03
v0.19.1Review802026-05-31
v0.19.2Review802026-05-31
v0.20.0Review802026-05-31
v0.18.2High risk802026-05-30
v0.19.0High risk802026-05-30
v0.18.3High risk802026-05-30

Block this in CI

PkgRadar gates github.com/cjairm/devgita (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/cjairm/[email protected]
Start free — 25 scans / moView full evidence