Go modules · proxy.golang.org

github.com/hephbuild/heph

Remote Payload, Obfuscation Density

Why PkgRadar flagged v0.0.0-20260131164645-f4e58d26ae47

Severity	Signal	Evidence
medium	Remote Payload	—

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20230912093808-2f40d7a73f42`	Low risk	0	2026-06-27
`v0.0.0-20221103170834-eafdd5f5d623`	Low risk	0	2026-06-27
`v0.0.0-20240317165957-3ec87a1f4123`	Low risk	0	2026-06-27
`v0.0.0-20230203161519-2d86049d3837`	Low risk	0	2026-06-27
`v0.0.0-20221024182958-f86c7341194a`	Low risk	0	2026-06-27
`v1.0.0-alpha.0.20260610202923-6552339d1b02`	Low risk	0	2026-06-27
`v0.0.0-20260131164645-f4e58d26ae47`	Review	12	2026-06-27
`v1.0.0-alpha.0.20260606123205-3065327e5dab`	Low risk	0	2026-06-27
`v1.0.0-alpha.0.20260620132914-da729a0b85e1`	Low risk	0	2026-06-27
`v1.0.0-alpha.0.20260625213331-e2254df6fd64`	Low risk	0	2026-06-27
`v1.0.0-alpha.0.20260613113536-00347603a243`	Low risk	0	2026-06-15
`v1.0.0-alpha`	Low risk	0	2026-06-15

Block this in CI

PkgRadar gates github.com/hephbuild/heph (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/hephbuild/[email protected]