Go modules · proxy.golang.org
github.com/daniel-moreno-levy-gravwell/gravwell/v4
Go Init Env Token Exfil: Go init() reads CI / npm / cloud env tokens AND has network/exec on the same scope — canonical credential-exfil shape.
Why PkgRadar flagged v4.0.0-20260601184446-90fdc4b5ead2
| Severity | Signal | Evidence |
|---|---|---|
| high | Go Init Env Token Exfil | Go init() reads CI / npm / cloud env tokens AND has network/exec on the same scope — canonical credential-exfil shape. · github.com/daniel-moreno-levy-gravwell/gravwell/[email protected]/ingest/processors/plugin/packages.go |
| high | Go Init Env Token Exfil | Go init() reads CI / npm / cloud env tokens AND has network/exec on the same scope — canonical credential-exfil shape. · github.com/daniel-moreno-levy-gravwell/gravwell/[email protected]/ingest/processors/plugin/packages_windows.go |
| medium | Remote Payload | matched "CUrl " · github.com/daniel-moreno-levy-gravwell/gravwell/[email protected]/ingesters/HttpIngester/hec_config.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v4.0.0-20260601184446-90fdc4b5ead2 | High risk | 72 | 2026-06-02 |
Block this in CI
pkgradar gate --ecosystem go github.com/daniel-moreno-levy-gravwell/gravwell/[email protected]