Go modules · proxy.golang.org

github.com/lf-decentralized-trust-labs/paladin/config

Shell Credential File Read

Why PkgRadar flagged v0.0.0-20260624185201-cbefb02c24c9

Severity	Signal	Evidence
high	Shell Credential File Read	github.com/lf-decentralized-trust-labs/paladin/[email protected]/pkg/pldconf/signer.go

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260624185201-cbefb02c24c9`	High risk	45	2026-06-26
`v0.0.0-20260619194915-70e4e5588572`	Low risk	0	2026-06-21
`v0.0.0-20260619113038-e6e67684031b`	Low risk	0	2026-06-20
`v0.0.0-20260618134817-387b88372722`	Low risk	0	2026-06-19
`v0.0.0-20260616161721-39bb80be3687`	Low risk	0	2026-06-17
`v0.0.0-20260611160930-3364d5be992c`	Low risk	0	2026-06-12
`v0.0.0-20260608205806-8e5e13ae9315`	Low risk	0	2026-06-10
`v0.0.0-20260604105623-85949146f482`	Low risk	0	2026-06-07
`v0.0.0-20260602153024-460bcc4abfc0`	Low risk	0	2026-06-03

Block this in CI

PkgRadar gates github.com/lf-decentralized-trust-labs/paladin/config (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/lf-decentralized-trust-labs/paladin/[email protected]