Go modules · proxy.golang.org

github.com/guigui-gui/guigui

Remote Payload: matched "github.com/notofonts/noto-cjk/releases/download"

Why PkgRadar flagged v0.0.0-20260609164110-721b8fc73a67

Severity	Signal	Evidence
medium	Remote Payload	matched "github.com/notofonts/noto-cjk/releases/download" · github.com/guigui-gui/[email protected]/basicwidget/cjkfont/gen.go
medium	Remote Payload	matched "github.com/rsms/inter/releases/download" · github.com/guigui-gui/[email protected]/basicwidget/internal/font/gen.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260609164110-721b8fc73a67`	Review	24	2026-06-10
`v0.0.0-20260609132754-6657a6b63a4b`	Review	24	2026-06-10
`v0.0.0-20260608184217-54043e1fd5c7`	Review	24	2026-06-09
`v0.0.0-20260608152802-f45dc4965ab5`	Review	24	2026-06-09
`v0.0.0-20260608082839-24329a81d884`	Review	24	2026-06-09
`v0.0.0-20260607115543-7dec54853f72`	Review	24	2026-06-08
`v0.0.0-20260607101058-4461838550a1`	Review	24	2026-06-08
`v0.0.0-20260607093411-14d0182cfd45`	Review	24	2026-06-08
`v0.0.0-20260607091820-76c41f91d74b`	Review	24	2026-06-08
`v0.0.0-20260607084421-284e3efd9a91`	Review	24	2026-06-08
`v0.0.0-20260131180455-f22bdbf6f432`	Review	24	2026-06-08
`v0.0.0-20260606103249-bd5fcc7ba67a`	Review	24	2026-06-07
`v0.0.0-20260606101644-7a1a8785c740`	Review	24	2026-06-07
`v0.0.0-20260606011911-f79386c88588`	Review	24	2026-06-07
`v0.0.0-20260606005614-50e3a2115fc9`	Review	24	2026-06-07
`v0.0.0-20260605151512-64b24e581d57`	Review	24	2026-06-06
`v0.0.0-20260604152825-da84e5173b09`	Review	24	2026-06-05
`v0.0.0-20260529164304-f6fa4eb0c666`	Review	24	2026-05-30
`v0.0.0-20260529030226-3dfaa76ecefb`	Review	24	2026-05-30
`v0.0.0-20260528115658-b98466002991`	Review	24	2026-05-29
`v0.0.0-20260528045024-804a138beccc`	Review	24	2026-05-29

Block this in CI

PkgRadar gates github.com/guigui-gui/guigui (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/guigui-gui/[email protected]