Go modules · proxy.golang.org

github.com/internetarchive/openlibrary

Remote Payload: matched "curl "

Why PkgRadar flagged v0.0.0-20260528065530-3c3247c34cf4

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · github.com/internetarchive/[email protected]/docker/ol-local-solr-start.sh
medium	Remote Payload	matched "curl " · github.com/internetarchive/[email protected]/docker/ol-solr-updater-start.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260602222638-4aa2b73e6857`	Low risk	0	2026-06-04
`v0.0.0-20260531194436-f512d62c9c1f`	Low risk	0	2026-06-01
`v0.0.0-20260529161622-2bc0dee9a0d3`	Low risk	0	2026-05-31
`v0.0.0-20260528221312-56c9fcf4b3eb`	Low risk	0	2026-05-29
`v0.0.0-20260528165313-3d2f3c8e95e9`	Low risk	0	2026-05-29
`v0.0.0-20260528065530-3c3247c34cf4`	Review	24	2026-05-29

Block this in CI

PkgRadar gates github.com/internetarchive/openlibrary (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/internetarchive/[email protected]