Go modules · proxy.golang.org

github.com/keybase/client

Shell Credential File Read, Go Cgo Preamble

Why PkgRadar flagged v2.5.1-0.20180808175816-385c2dd6ad93+incompatible

Severity	Signal	Evidence
high	Shell Credential File Read	—

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v2.5.1-0.20180808175816-385c2dd6ad93+incompatible`	High risk	45	2026-06-28
`v1.0.19-0.20170206170805-59de17806729`	Low risk	0	2026-06-28
`v0.0.0-20221220222003-6b707563f927`	Low risk	0	2026-06-28
`v6.0.2-0.20221220222003-6b707563f927+incompatible`	Low risk	0	2026-06-28
`v1.0.48-0.20180502171453-9b584e3c9915`	Low risk	0	2026-06-18
`v2.9.1-0.20181121203632-489aa746c0c4+incompatible`	Low risk	0	2026-06-12
`v1.0.0-beta.8.0.20150922184632-02da8deca221`	Low risk	0	2026-06-04

Block this in CI

PkgRadar gates github.com/keybase/client (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/keybase/[email protected]+incompatible