Go modules · proxy.golang.org

github.com/gongahkia/onibi

Remote Payload: matched "curl "

Why PkgRadar flagged v0.0.0-20260611042617-857b9cbf7ce9

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · github.com/gongahkia/[email protected]/internal/approval/risk.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260611042617-857b9cbf7ce9`	Review	22	2026-06-12
`v0.0.0-20260611042209-c6bcd0eb22df`	Review	22	2026-06-12
`v0.0.0-20260611041822-ebe8d38e1ab3`	Review	22	2026-06-12
`v0.0.0-20260611041701-63c8a17120a5`	Review	22	2026-06-12
`v0.0.0-20260611040802-583541bda4e5`	Review	22	2026-06-12
`v0.0.0-20260611040552-181568aa66cb`	Review	22	2026-06-12
`v0.0.0-20260611035939-4647e4ffc062`	Review	22	2026-06-12
`v0.0.0-20260611035210-018619d7a6d7`	Review	22	2026-06-12
`v0.0.0-20260611022246-0a985cf0ca83`	Review	22	2026-06-12

Block this in CI

PkgRadar gates github.com/gongahkia/onibi (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/gongahkia/[email protected]