Go modules · proxy.golang.org
github.com/jandedobbeleer/oh-my-posh3/src
Remote Payload: matched "github.com/ryanoasis/nerd-fonts/releases/download"
Why PkgRadar flagged v0.0.0-20260604105257-00aa50da3b72
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "github.com/ryanoasis/nerd-fonts/releases/download" · github.com/jandedobbeleer/oh-my-posh3/[email protected]/cli/image/image.go |
| medium | Remote Payload | matched "github.com/JanDeDobbeleer/oh-my-posh/releases/download" · github.com/jandedobbeleer/oh-my-posh3/[email protected]/cli/upgrade/config.go |
| medium | Remote Payload | matched "raw.githubusercontent.com" · github.com/jandedobbeleer/oh-my-posh3/[email protected]/config/backup.go |
| medium | Remote Payload | matched "raw.githubusercontent.com" · github.com/jandedobbeleer/oh-my-posh3/[email protected]/config/load.go |
| medium | Remote Payload | matched "raw.githubusercontent.com" · github.com/jandedobbeleer/oh-my-posh3/[email protected]/runtime/http/download.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.0.0-20260604105257-00aa50da3b72 | High risk | 70 | 2026-06-07 |
v0.0.0-20260601001158-86f59697f2b3 | High risk | 70 | 2026-06-02 |
Block this in CI
pkgradar gate --ecosystem go github.com/jandedobbeleer/oh-my-posh3/[email protected]