Go modules · proxy.golang.org

github.com/pedronis/snappy

Remote Payload: matched "cURL "

Why PkgRadar flagged v0.0.0-20260605110015-190ec8d02e5c

Severity	Signal	Evidence
medium	Remote Payload	matched "cURL " · github.com/pedronis/[email protected]/client/interfaces.go
medium	Remote Payload	matched "cURL " · github.com/pedronis/[email protected]/cmd/snap/cmd_interface.go
medium	Remote Payload	matched "cURL " · github.com/pedronis/[email protected]/daemon/api_json.go
medium	Remote Payload	matched "cURL " · github.com/pedronis/[email protected]/interfaces/builtin/common.go
medium	Remote Payload	matched "cURL " · github.com/pedronis/[email protected]/interfaces/core.go
medium	Remote Payload	matched "cURL " · github.com/pedronis/[email protected]/interfaces/repo.go
medium	Remote Payload	matched "cURL " · github.com/pedronis/[email protected]/overlord/devicestate/devicestatetest/gadget.go
medium	Remote Payload	matched "cURL " · github.com/pedronis/[email protected]/overlord/devicestate/handlers_serial.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260605110015-190ec8d02e5c`	High risk	106	2026-06-07
`v0.0.0-20260603072122-dd8e1b6e5e73`	High risk	106	2026-06-04
`v0.0.0-20260529172857-76051e1a5f69`	High risk	106	2026-06-02
`v0.0.0-20260529120630-bd4435630204`	Review	106	2026-05-30

Block this in CI

PkgRadar gates github.com/pedronis/snappy (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/pedronis/[email protected]