Go modules · proxy.golang.org
github.com/sourcegraph/src-cli
Remote Payload: matched "curl "
Why PkgRadar flagged v0.0.0-20260611121319-2a185a583449
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · github.com/sourcegraph/[email protected]/cmd/src/api.go |
| medium | Remote Payload | matched "Curl " · github.com/sourcegraph/[email protected]/internal/api/flags.go |
| medium | Remote Payload | matched "cURL " · github.com/sourcegraph/[email protected]/internal/batches/ui/json_lines.go |
| medium | Remote Payload | matched "cURL " · github.com/sourcegraph/[email protected]/internal/batches/ui/tui.go |
| medium | Remote Payload | matched "curl " · github.com/sourcegraph/[email protected]/internal/clicompat/api_flags.go |
| medium | Go Mod Replace Local | go.mod replace directive redirects to a local filesystem path — non-portable / dev-time only. · github.com/sourcegraph/[email protected]/go.mod |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.0.0-20260611121319-2a185a583449 | High risk | 70 | 2026-06-12 |
v0.0.0-20260610134424-65413c2eb780 | High risk | 70 | 2026-06-11 |
v0.0.0-20260602152915-65e12ede57d1 | High risk | 70 | 2026-06-03 |
v0.0.0-20260601152412-4bcd4ce9f706 | High risk | 70 | 2026-06-02 |
v0.0.0-20260529182333-e3e7712002f8 | Review | 70 | 2026-05-31 |
Block this in CI
pkgradar gate --ecosystem go github.com/sourcegraph/[email protected]