Go modules · proxy.golang.org

github.com/k0sproject/rig/v2

Remote Payload: matched "curl "

Why PkgRadar flagged v2.0.0-beta.2.0.20260612130231-c3b7a51a0af6

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · github.com/k0sproject/rig/[email protected]/remotefs/posixfs.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v2.0.0-beta.2.0.20260612130231-c3b7a51a0af6`	Review	32	2026-06-13
`v2.0.0-beta.2.0.20260611090153-8bbc03d930d7`	Review	32	2026-06-12
`v2.0.0-beta.2.0.20260610121539-333ab479066c`	Review	32	2026-06-11
`v2.0.0-beta.2.0.20260610110012-061cdcdfba5d`	Review	32	2026-06-11
`v2.0.0-beta.2`	Review	32	2026-06-10
`v2.0.0-beta.1`	Review	27	2026-06-04

Block this in CI

PkgRadar gates github.com/k0sproject/rig/v2 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/k0sproject/rig/[email protected]