Go modules · proxy.golang.org

github.com/evildao/wechat-sdk

Remote Payload: matched "curl "

Why PkgRadar flagged v1.1.3-0.20200511014503-f850dd9e17bb

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · github.com/evildao/[email protected]/message/customer_message.go
medium	Remote Payload	matched "cURL " · github.com/evildao/[email protected]/message/message.go
medium	Remote Payload	matched "cURL " · github.com/evildao/[email protected]/message/music.go
medium	Remote Payload	matched "cURL " · github.com/evildao/[email protected]/message/news.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v1.1.3-0.20200511014503-f850dd9e17bb`	High risk	48	2026-06-04
`v1.1.1`	High risk	48	2026-06-04
`v1.1.2`	High risk	48	2026-06-04
`v1.0.0`	High risk	48	2026-06-04
`v1.1.0`	High risk	48	2026-06-04

Block this in CI

PkgRadar gates github.com/evildao/wechat-sdk (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/evildao/[email protected]