Go modules · proxy.golang.org

github.com/hm-edu/portal-common

Remote Payload: matched "curl "

Why PkgRadar flagged v0.0.0-20260528034402-252d9bc16ef1

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · github.com/hm-edu/[email protected]/helper/install-go-tools.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260614052208-cc13ff19a5c5`	Low risk	0	2026-06-15
`v0.0.0-20260613132347-a1589de7a36f`	Low risk	0	2026-06-14
`v0.0.0-20260613131947-126a89bc1a50`	Low risk	0	2026-06-14
`v0.0.0-20260529061954-152c34c78feb`	Low risk	0	2026-05-30
`v0.0.0-20260529054853-209625015e5c`	Low risk	0	2026-05-30
`v0.0.0-20260528145945-76691ba61fdd`	Low risk	0	2026-05-29
`v0.0.0-20260528143120-e49e540c32f5`	Low risk	0	2026-05-29
`v0.0.0-20260528034402-252d9bc16ef1`	Review	12	2026-05-29
`v0.0.0-20260528034350-cdc8023393e1`	Review	12	2026-05-29

Block this in CI

PkgRadar gates github.com/hm-edu/portal-common (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/hm-edu/[email protected]