PkgRadar

Go modules · proxy.golang.org

github.com/matthewtolman/urfave-cli/v2

Remote Payload: matched "github.com/urfave/gfmrun/releases/download"

Why PkgRadar flagged v2.17.1

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/urfave/gfmrun/releases/download" · github.com/matthewtolman/urfave-cli/[email protected]/internal/build/build.go

Scanned versions

VersionVerdictScoreScanned (UTC)
v2.17.1Review122026-06-12
v2.4.10Low risk02026-06-12
v2.7.2Low risk02026-06-12
v2.16.1Low risk02026-06-12
v2.23.5Review122026-06-12
v2.28.0Review122026-06-12
v2.28.0-pre2Review122026-06-12
v2.28.0-pre1Review122026-06-12
v2.20.0Review122026-06-12
v2.5.0Low risk02026-06-12
v2.21.0Review122026-06-12
v2.27.2Review122026-06-12
v2.11.2Low risk02026-06-12
v2.11.3Low risk02026-06-12
v2.4.3Low risk02026-06-12
v2.18.1Review122026-06-12
v2.17.0Review122026-06-12
v2.17.2Review122026-06-12
v2.1.1Low risk02026-06-12
v2.5.1Low risk02026-06-12
v2.23.8Review122026-06-12
v2.16.0Low risk02026-06-12
v2.9.0Low risk02026-06-12
v2.11.4Low risk02026-06-12
v2.24.1Review122026-06-12
v2.11.0Low risk02026-06-12
v2.23.9Review122026-06-12
v2.23.6Review122026-06-12
v2.27.5Review122026-06-12
v2.27.6Review122026-06-12
v2.10.2Low risk02026-06-12
v2.1.0Low risk02026-06-12
v2.20.5Review122026-06-12
v2.4.9Low risk02026-06-12
v2.23.1Review122026-06-12
v2.25.2Review122026-06-12
v2.12.1Low risk02026-06-12
v2.15.0Low risk02026-06-12
v2.25.7Review122026-06-12
v2.7.0Low risk02026-06-12
v2.14.2Low risk02026-06-12
v2.11.1Low risk02026-06-12
v2.27.7Review122026-06-12
v2.23.4Review122026-06-12

Block this in CI

PkgRadar gates github.com/matthewtolman/urfave-cli/v2 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/matthewtolman/urfave-cli/[email protected]
Start free — 25 scans / moView full evidence