Go modules · proxy.golang.org
github.com/cyverse-de/app-exposer
Remote Payload: matched "curl "
Why PkgRadar flagged v0.0.0-20260609204235-e1fcc912225b
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · github.com/cyverse-de/[email protected]/batch/batch.go |
| medium | Remote Payload | matched "cURL " · github.com/cyverse-de/[email protected]/cmd/vice-operator/main.go |
| medium | Remote Payload | matched "curl " · github.com/cyverse-de/[email protected]/incluster/transfers.go |
| medium | Remote Payload | matched "cURL " · github.com/cyverse-de/[email protected]/operator/transfers.go |
| medium | Go Mod Replace Local | go.mod replace directive redirects to a local filesystem path — non-portable / dev-time only. · github.com/cyverse-de/[email protected]/go.mod |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.0.0-20260609204235-e1fcc912225b | High risk | 58 | 2026-06-11 |
v0.0.0-20260608212135-5ccb1dd253c6 | High risk | 58 | 2026-06-10 |
v0.0.0-20260604151438-8ead5f83a99f | High risk | 58 | 2026-06-07 |
v0.0.0-20260528154547-2d070aadf653 | Review | 58 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem go github.com/cyverse-de/[email protected]