Go modules · proxy.golang.org

github.com/meulengracht/snapd

Remote Payload: matched "cURL "

Why PkgRadar flagged v0.0.0-20260528055526-e89a3d599678

Severity	Signal	Evidence
medium	Remote Payload	matched "cURL " · github.com/meulengracht/[email protected]/client/interfaces.go
medium	Remote Payload	matched "cURL " · github.com/meulengracht/[email protected]/cmd/snap/cmd_interface.go
medium	Remote Payload	matched "cURL " · github.com/meulengracht/[email protected]/daemon/api_json.go
medium	Remote Payload	matched "cURL " · github.com/meulengracht/[email protected]/interfaces/builtin/common.go
medium	Remote Payload	matched "cURL " · github.com/meulengracht/[email protected]/interfaces/core.go
medium	Remote Payload	matched "cURL " · github.com/meulengracht/[email protected]/interfaces/repo.go
medium	Remote Payload	matched "cURL " · github.com/meulengracht/[email protected]/overlord/devicestate/devicestatetest/gadget.go
medium	Remote Payload	matched "cURL " · github.com/meulengracht/[email protected]/overlord/devicestate/handlers_serial.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260528055526-e89a3d599678`	High risk	106	2026-06-04

Block this in CI

PkgRadar gates github.com/meulengracht/snapd (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/meulengracht/[email protected]