Go modules · proxy.golang.org

github.com/puertomontt/kgateway/v2

Go Generate Shell: //go:generate directive shells out to curl/wget/bash — runs during `go generate`.

Why PkgRadar flagged v2.0.0-main.0.20260505204949-919f339a157c

Severity	Signal	Evidence
medium	Go Generate Shell	//go:generate directive shells out to curl/wget/bash — runs during `go generate`. · github.com/puertomontt/kgateway/[email protected]/pkg/utils/filter_types/filter_types.go
medium	Remote Payload	matched "curl\n\n" · github.com/puertomontt/kgateway/[email protected]/pkg/utils/requestutils/curl/native_request.go
medium	Remote Payload	matched "curl\n\n" · github.com/puertomontt/kgateway/[email protected]/pkg/utils/requestutils/curl/option.go
medium	Remote Payload	matched "curl\n\n" · github.com/puertomontt/kgateway/[email protected]/pkg/utils/requestutils/curl/request.go
medium	Remote Payload	matched "curl\n\n" · github.com/puertomontt/kgateway/[email protected]/pkg/utils/requestutils/grpcurl/options.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v2.0.0-main.0.20260505204949-919f339a157c`	High risk	66	2026-06-11
`v2.0.0-main.0.20260610165719-dca4aced8fca`	High risk	66	2026-06-11

Block this in CI

PkgRadar gates github.com/puertomontt/kgateway/v2 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/puertomontt/kgateway/[email protected]