Go modules · proxy.golang.org

github.com/rancher/tfp-automation

Remote Payload: matched "curl "

Why PkgRadar flagged v0.0.0-20260610171429-5ddb76af29ca

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · github.com/rancher/[email protected]/framework/set/provisioning/custom/locals/setLocals.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260610171429-5ddb76af29ca`	Review	12	2026-06-11
`v0.0.0-20260610163824-3f7a748d3a28`	Review	12	2026-06-11
`v0.0.0-20260609175812-c8ae09223280`	Review	12	2026-06-10
`v0.0.0-20260605212717-13ff06e11dcd`	Review	12	2026-06-07
`v0.0.0-20260605195851-5bb9923968dd`	Review	12	2026-06-06
`v0.0.0-20260604203037-33dec16a7689`	Review	12	2026-06-05
`v0.0.0-20260604174848-01507d4071ae`	Review	12	2026-06-05
`v0.0.0-20260603212644-8ac6f0c7fed3`	Review	12	2026-06-04
`v0.0.0-20260528215432-b657fd58df43`	Review	12	2026-05-29
`v0.0.0-20260528214232-e2bbdaed21a5`	Review	12	2026-05-29

Block this in CI

PkgRadar gates github.com/rancher/tfp-automation (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/rancher/[email protected]