Go modules · proxy.golang.org

github.com/danmar/cppcheck

Remote Payload: matched "wget "

Why PkgRadar flagged v0.0.0-20260528084909-91ceb735c880

Severity	Signal	Evidence
medium	Remote Payload	matched "wget " · github.com/danmar/[email protected]/democlient/build.sh
medium	Remote Payload	matched "curl " · github.com/danmar/[email protected]/test/cfg/runtests.sh
medium	Remote Payload	matched "curl " · github.com/danmar/[email protected]/tools/run-coverity.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260616065323-a7faefc9203c`	Low risk	0	2026-06-17
`v0.0.0-20260614223027-987d3b48a3fe`	Low risk	0	2026-06-15
`v0.0.0-20260614203236-2fac13df7df9`	Low risk	0	2026-06-15
`v0.0.0-20260612135012-9becbb6e8a3b`	Low risk	0	2026-06-13
`v0.0.0-20260610184328-21de4faec573`	Low risk	0	2026-06-12
`v0.0.0-20260608064006-22b3464e0608`	Low risk	0	2026-06-09
`v0.0.0-20260608063556-fdbb42c76083`	Low risk	0	2026-06-09
`v0.0.0-20260605145600-707f262560ac`	Low risk	0	2026-06-06
`v0.0.0-20260604200253-2285c1daf9e6`	Low risk	0	2026-06-05
`v0.0.0-20260604075914-56d86d3fabb3`	Low risk	0	2026-06-05
`v0.0.0-20260604074408-bb69f669438f`	Low risk	0	2026-06-05
`v0.0.0-20260604070625-9f74c2db8bc8`	Low risk	0	2026-06-05
`v0.0.0-20260603173241-49b8c2aade94`	Low risk	0	2026-06-04
`v0.0.0-20260603063759-e1053dba3b09`	Low risk	0	2026-06-04
`v0.0.0-20260601152724-59a6654120b2`	Low risk	0	2026-06-02
`v0.0.0-20260531075645-8c14fc78e5dd`	Low risk	0	2026-06-01
`v0.0.0-20260529151827-bc2b84dd40d7`	Low risk	0	2026-05-30
`v0.0.0-20260529142607-97b642f1f045`	Low risk	0	2026-05-30
`v0.0.0-20260528114732-f1379d63a5e0`	Low risk	0	2026-05-29
`v0.0.0-20260528084909-91ceb735c880`	Review	36	2026-05-29

Block this in CI

PkgRadar gates github.com/danmar/cppcheck (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/danmar/[email protected]