Go modules · proxy.golang.org
github.com/stacklok/toolhive
Remote Payload: matched "curl "
Why PkgRadar flagged v0.29.0
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · github.com/stacklok/[email protected]/cmd/thv/app/tui.go |
| medium | Remote Payload | matched "cURL " · github.com/stacklok/[email protected]/pkg/auth/oauth/oidc.go |
| medium | Remote Payload | matched "Curl " · github.com/stacklok/[email protected]/pkg/tui/keys.go |
| medium | Remote Payload | matched "curl " · github.com/stacklok/[email protected]/pkg/tui/view_statusbar.go |
| medium | Credential file access | matched ".npmrc" · github.com/stacklok/[email protected]/pkg/runner/protocol.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.29.0 | High risk | 68 | 2026-06-04 |
v0.28.4-0.20260603102814-535e8084bd6e | High risk | 68 | 2026-06-04 |
Block this in CI
pkgradar gate --ecosystem go github.com/stacklok/[email protected]