Go modules · proxy.golang.org

github.com/cloudposse/atmos

Remote Payload: matched "cURL "

Why PkgRadar flagged v1.221.0-rc.3

Severity	Signal	Evidence
medium	Remote Payload	matched "cURL " · github.com/cloudposse/[email protected]/pkg/aws/security/ocsf.go
medium	Remote Payload	matched "raw.githubusercontent.com" · github.com/cloudposse/[email protected]/pkg/config/default.go
medium	Remote Payload	matched "raw.githubusercontent.com" · github.com/cloudposse/[email protected]/pkg/http/client.go
medium	Remote Payload	matched "github.com/%s/%s/releases/download" · github.com/cloudposse/[email protected]/pkg/toolchain/installer/asset.go
medium	Remote Payload	matched "curl " · github.com/cloudposse/[email protected]/pkg/toolchain/installer/download.go
medium	Remote Payload	matched "raw.githubusercontent.com" · github.com/cloudposse/[email protected]/pkg/toolchain/installer/installer.go
medium	Remote Payload	matched "raw.githubusercontent.com" · github.com/cloudposse/[email protected]/pkg/toolchain/registry/aqua/aqua.go
medium	Remote Payload	matched "github.com/%s/%s/releases/download" · github.com/cloudposse/[email protected]/pkg/toolchain/verification/checksum.go
medium	Remote Payload	matched "github.com/%s/%s/releases/download" · github.com/cloudposse/[email protected]/pkg/toolchain/verification/signature.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v1.221.0-rc.3`	High risk	165	2026-06-04
`v0.0.0-20260602212912-4427fbb048ed`	High risk	165	2026-06-03
`v0.0.0-20260602014259-edca67f5d15a`	High risk	165	2026-06-03
`v1.221.0-rc.1.0.20260601212312-e1b7ad06081a`	High risk	165	2026-06-02
`v0.0.0-20260601212312-e1b7ad06081a`	High risk	165	2026-06-02
`v1.221.0-rc.1.0.20260530233219-30238462ca77`	High risk	165	2026-06-01
`v0.0.0-20260530233219-30238462ca77`	High risk	165	2026-06-01
`v1.221.0-rc.1`	High risk	165	2026-05-31
`v1.221.0-rc.1.0.20260530023402-6259051fef0b`	Review	165	2026-05-31
`v0.0.0-20260530023402-6259051fef0b`	Review	165	2026-05-31
`v1.221.0-rc.0.0.20260529164003-ac6321c6d7f6`	Review	165	2026-05-30
`v0.0.0-20260528044550-7ada7dbf37a1`	High risk	165	2026-05-30
`v1.220.0`	High risk	165	2026-05-30
`v1.221.0-rc.0.0.20260529050705-b30a4c28c69d`	Review	165	2026-05-30
`v0.0.0-20260529050705-b30a4c28c69d`	Review	165	2026-05-30
`v1.221.0-rc.0.0.20260529031011-fb10beec8be5`	Review	165	2026-05-30
`v1.221.0-rc.0`	Review	165	2026-05-30

Block this in CI

PkgRadar gates github.com/cloudposse/atmos (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/cloudposse/[email protected]