Go modules · proxy.golang.org

github.com/modelcontextprotocol/go-sdk

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged v0.0.0-20250509192946-b7672185059b

Severity	Signal	Evidence
medium	Remote Payload	matched "raw.githubusercontent.com" · github.com/modelcontextprotocol/[email protected]/mcp/protocol/generate.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v1.6.1-0.20260618135211-b85574f6851a`	Low risk	0	2026-06-19
`v0.0.0-20250509192946-b7672185059b`	Review	12	2026-06-18
`v1.6.1-0.20260616144253-d9728a88f3cd`	Low risk	0	2026-06-17
`v1.6.1-0.20260615074742-4dc99b48e1da`	Low risk	0	2026-06-16
`v1.6.1-0.20260608155210-dd978160abb3`	Low risk	0	2026-06-09
`v1.6.1-0.20260605101643-5045d86fb477`	Low risk	0	2026-06-09
`v1.6.1-0.20260602121701-c60a318d223c`	Low risk	0	2026-06-05
`v1.6.1-0.20260531083546-6d2bbff7d853`	Low risk	0	2026-06-01
`v1.6.1-0.20260529124634-dfb45f1e119e`	Low risk	0	2026-05-31
`v1.6.1-0.20260529072934-189a85ad92ff`	Low risk	0	2026-05-30

Block this in CI

PkgRadar gates github.com/modelcontextprotocol/go-sdk (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/modelcontextprotocol/[email protected]