Go modules · proxy.golang.org

github.com/libp2p/go-libp2p-kad-dht

Shell Credential File Read

Why PkgRadar flagged v0.40.1-0.20260625052158-466223998256

Severity	Signal	Evidence
high	Shell Credential File Read	github.com/libp2p/[email protected]/provider/keystore/keystore.go
high	Shell Credential File Read	github.com/libp2p/[email protected]/provider/keystore/options.go
high	Shell Credential File Read	github.com/libp2p/[email protected]/provider/keystore/resettable_keystore.go

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.40.1-0.20260625052158-466223998256`	High risk	100	2026-06-26
`v0.0.0-20181103041146-b579e0352c7c`	Low risk	0	2026-06-26
`v0.0.0-20190907173847-e216d3cf6cfa`	Low risk	0	2026-06-25
`v0.40.1-0.20260617100038-10d5605ce799`	Low risk	0	2026-06-18
`v0.39.3-0.20260617095234-35d8d8bb01f5`	Low risk	0	2026-06-18
`v0.40.1-0.20260616203420-146f2cfad786`	Low risk	0	2026-06-17
`v0.40.1-0.20260616074740-75bc4749570b`	Low risk	0	2026-06-17
`v0.1.2-0.20190626191213-8fe679a4d4de`	Low risk	0	2026-06-17
`v0.0.0-20260420155941-bef178c52ff2`	Low risk	0	2026-06-07
`v0.40.1-0.20260605061321-73bd7fd5d62e`	Low risk	0	2026-06-06

Block this in CI

PkgRadar gates github.com/libp2p/go-libp2p-kad-dht (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/libp2p/[email protected]