Go modules · proxy.golang.org

github.com/runopsio/hoop/client

Remote Payload: matched "cURL\n\t\t\t"

Why PkgRadar flagged v0.0.0-20260610214214-e6e7f0577bfe

Severity	Signal	Evidence
medium	Remote Payload	matched "cURL\n\t\t\t" · github.com/runopsio/hoop/[email protected]/cmd/config/config.go
medium	Remote Payload	matched "cURL " · github.com/runopsio/hoop/[email protected]/cmd/login.go
medium	Remote Payload	matched "cURL " · github.com/runopsio/hoop/[email protected]/config/config.go
medium	Go Mod Replace Local	go.mod replace directive redirects to a local filesystem path — non-portable / dev-time only. · github.com/runopsio/hoop/[email protected]/go.mod

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260610214214-e6e7f0577bfe`	High risk	46	2026-06-13
`v0.0.0-20260609123312-4f61b57d31e3`	High risk	46	2026-06-10
`v0.0.0-20260603193826-2a385b80c06b`	High risk	46	2026-06-05
`v0.0.0-20260601122200-17a94a2283f3`	High risk	46	2026-06-02
`v0.0.0-20260529191213-67aafcf14c41`	High risk	46	2026-05-31

Block this in CI

PkgRadar gates github.com/runopsio/hoop/client (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/runopsio/hoop/[email protected]