Go modules · proxy.golang.org

github.com/pbs-plus/go-mtf

Go Mod Replace Local: go.mod replace directive redirects to a local filesystem path — non-portable / dev-time only.

Why PkgRadar flagged v0.5.0

Severity	Signal	Evidence
medium	Go Mod Replace Local	go.mod replace directive redirects to a local filesystem path — non-portable / dev-time only. · github.com/pbs-plus/[email protected]/go.mod

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.20.0`	Low risk	0	2026-06-20
`v0.12.0`	Low risk	0	2026-06-20
`v0.19.0`	Low risk	0	2026-06-20
`v0.18.0`	Low risk	0	2026-06-19
`v0.17.0`	Low risk	0	2026-06-19
`v0.16.0`	Low risk	0	2026-06-19
`v0.15.0`	Low risk	0	2026-06-19
`v0.5.0`	Review	10	2026-06-19
`v0.4.0`	Low risk	0	2026-06-19
`v0.2.0`	Low risk	0	2026-06-18
`v0.1.0`	Low risk	0	2026-06-18
`v0.0.0-20260617111819-9701bd1ecf78`	Low risk	0	2026-06-18
`v0.0.0-20260617111351-a1194fe1ea55`	Low risk	0	2026-06-18
`v0.0.0-20260617105637-8a8b72a0a8da`	Low risk	0	2026-06-18
`v0.0.0-20260617031630-3483c6c667a3`	Low risk	0	2026-06-18

Block this in CI

PkgRadar gates github.com/pbs-plus/go-mtf (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/pbs-plus/[email protected]