PkgRadar

Go modules · proxy.golang.org

github.com/shemic/dever

Remote Payload

Why PkgRadar flagged v0.1.6-0.20260623093942-4f6c1be9667c

SeveritySignalEvidence
mediumRemote Payload

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.1.6-0.20260623093942-4f6c1be9667cReview122026-07-05
v0.1.6-0.20260622152357-07695d172d67Low risk02026-06-23
v0.1.4-0.20260622150511-e47ed72dc4b5Low risk02026-06-23
v0.1.3Low risk02026-06-20
v0.1.3-0.20260618050345-d227e45db842Low risk02026-06-19
v0.0.2Low risk02026-06-18
v0.1.1-0.20260609001623-7543af55f695Low risk02026-06-13
v0.1.1-0.20260602075426-42e37d618ad4Low risk02026-06-03

Block this in CI

PkgRadar gates github.com/shemic/dever (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/shemic/[email protected]
github.com/shemic/dever — Go modules security scan | PkgRadar