PkgRadar

Go modules · proxy.golang.org

github.com/maruel/caic

Go Generate Shell: //go:generate directive shells out to curl/wget/bash — runs during `go generate`.

Why PkgRadar flagged v0.9.2-0.20260602130615-1468cd1173ca

SeveritySignalEvidence
mediumGo Generate Shell//go:generate directive shells out to curl/wget/bash — runs during `go generate`. · github.com/maruel/[email protected]/backend/internal/agent/claudecode/generate.go
mediumGo Generate Shell//go:generate directive shells out to curl/wget/bash — runs during `go generate`. · github.com/maruel/[email protected]/backend/internal/agent/codex/generate.go
mediumGo Generate Shell//go:generate directive shells out to curl/wget/bash — runs during `go generate`. · github.com/maruel/[email protected]/backend/internal/agent/opencode/generate.go
mediumGo Generate Shell//go:generate directive shells out to curl/wget/bash — runs during `go generate`. · github.com/maruel/[email protected]/backend/internal/agent/pi/generate.go

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.9.2-0.20260602130615-1468cd1173caReview502026-06-03
v0.9.1Review502026-06-03
v0.9.1-0.20260528225021-fcba88763db7Review152026-05-29
v0.9.0Low risk02026-05-29

Block this in CI

PkgRadar gates github.com/maruel/caic (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/maruel/[email protected]
Start free — 25 scans / moView full evidence