Go modules · proxy.golang.org

github.com/jfrog/jfrog-cli-artifactory

Remote Payload: matched "curl\n\n"

Why PkgRadar flagged v0.8.1-0.20260616042325-c0a813006d5e

Severity	Signal	Evidence
medium	Remote Payload	matched "curl\n\n" · github.com/jfrog/[email protected]/artifactory/commands/curl/curl.go
medium	Remote Payload	matched "Curl " · github.com/jfrog/[email protected]/cliutils/flagkit/flags.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.8.1-0.20260616042325-c0a813006d5e`	Review	29	2026-06-17
`v0.8.1-0.20260610074911-82ce7d90edbd`	Review	29	2026-06-11
`v0.8.1-0.20260609101705-321f68d15a6d`	Review	29	2026-06-10
`v0.8.1-0.20260605085015-2102264e1ddd`	Review	29	2026-06-08
`v0.8.1-0.20260604083052-cc843d5d22c3`	Review	29	2026-06-05
`v0.8.1-0.20260604090426-c24f4507e1e6`	Review	29	2026-06-05
`v0.8.1-0.20260603051001-7fc8a5fa0aaf`	Review	29	2026-06-04
`v0.8.1-0.20260601110159-16e27949b870`	Review	29	2026-06-02
`v0.8.1-0.20260528123948-61478692b94e`	Review	29	2026-05-29
`v0.8.1-0.20260528073225-e2d59f90c8c6`	Review	44	2026-05-29

Block this in CI

PkgRadar gates github.com/jfrog/jfrog-cli-artifactory (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/jfrog/[email protected]