Go modules · proxy.golang.org

github.com/sheidkamp/kgateway/v2

Go Generate Shell: //go:generate directive shells out to curl/wget/bash — runs during `go generate`.

Why PkgRadar flagged v2.1.0-port-mapping.0.20260602171742-ed7f899c3e76

Severity	Signal	Evidence
medium	Go Generate Shell	//go:generate directive shells out to curl/wget/bash — runs during `go generate`. · github.com/sheidkamp/kgateway/[email protected]/pkg/utils/filter_types/filter_types.go
medium	Remote Payload	matched "curl\n\n" · github.com/sheidkamp/kgateway/[email protected]/pkg/utils/requestutils/curl/native_request.go
medium	Remote Payload	matched "curl\n\n" · github.com/sheidkamp/kgateway/[email protected]/pkg/utils/requestutils/curl/option.go
medium	Remote Payload	matched "curl\n\n" · github.com/sheidkamp/kgateway/[email protected]/pkg/utils/requestutils/curl/request.go
medium	Remote Payload	matched "curl\n\n" · github.com/sheidkamp/kgateway/[email protected]/pkg/utils/requestutils/grpcurl/options.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v2.1.0-port-mapping.0.20260602171742-ed7f899c3e76`	High risk	66	2026-06-03

Block this in CI

PkgRadar gates github.com/sheidkamp/kgateway/v2 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/sheidkamp/kgateway/[email protected]