PkgRadar

Go modules · proxy.golang.org

github.com/obolnetwork/charon

Shell Credential File Read

Why PkgRadar flagged v1.0.0-rc1.0.20260623091100-62b98733feab

SeveritySignalEvidence
highShell Credential File Readgithub.com/obolnetwork/[email protected]/eth2util/keystore/keystore.go

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
v1.0.0-rc1.0.20260623091100-62b98733feabHigh risk452026-06-24
v1.10.3-rc1High risk452026-06-24
v1.10.2Low risk02026-06-11
v1.0.0-rc1.0.20260603151756-9a39a9805738Low risk02026-06-08
v1.0.0-rc1.0.20260529152003-941729df3558Low risk02026-06-02
v1.10.2-rc1Low risk02026-06-02

Block this in CI

PkgRadar gates github.com/obolnetwork/charon (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/obolnetwork/[email protected]
Start free — 25 scans / moView full evidence