PkgRadar

Go modules · proxy.golang.org

github.com/ignaciojeria/sync

Remote Payload: matched "github.com/Ignaciojeria/wede/releases/download"

Why PkgRadar flagged v1.0.8

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/Ignaciojeria/wede/releases/download" · github.com/ignaciojeria/[email protected]/internal/localcli/wede.go

Scanned versions

VersionVerdictScoreScanned (UTC)
v1.0.8Review122026-06-18
v1.0.7Review122026-06-17
v1.0.4Low risk02026-06-13
v1.0.2Low risk02026-06-09
v1.0.1Low risk02026-06-09
v1.0.0Low risk02026-06-09
v0.0.0-20260605022023-20aee56b934cLow risk02026-06-06

Block this in CI

PkgRadar gates github.com/ignaciojeria/sync (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/ignaciojeria/[email protected]
Start free — 25 scans / moView full evidence