Go modules · proxy.golang.org
github.com/nanovms/nvm
Remote Payload: matched "curl "
Why PkgRadar flagged v0.0.0-20260531154124-ad0a36ecc9de
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · github.com/nanovms/[email protected]/cmd/run_local_instance.go |
| medium | Remote Payload | matched "curl " · github.com/nanovms/[email protected]/daemon/daemon.go |
| medium | Remote Payload | matched "cURL " · github.com/nanovms/[email protected]/provider/digitalocean/digital_ocean_image.go |
| medium | Remote Payload | matched "curl " · github.com/nanovms/[email protected]/provider/hetzner/hetzner_image.go |
| medium | Remote Payload | matched "curl " · github.com/nanovms/[email protected]/provider/onprem/onprem_instance.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.0.0-20260531154124-ad0a36ecc9de | High risk | 75 | 2026-06-03 |
v0.0.0-20260530004201-e32397314183 | High risk | 75 | 2026-06-01 |
v0.0.0-20260527144748-b2e63a87aa14 | Review | 75 | 2026-05-29 |
Block this in CI
pkgradar gate --ecosystem go github.com/nanovms/[email protected]