Go modules · proxy.golang.org
github.com/step-security/dev-machine-guard
Remote Payload: matched "curl "
Why PkgRadar flagged v1.11.3
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · github.com/step-security/[email protected]/internal/detector/configaudit/pipconfig_findings.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v1.11.3 | Review | 52 | 2026-06-11 |
v1.11.4 | Review | 52 | 2026-06-11 |
v1.11.5 | Review | 52 | 2026-06-11 |
v1.12.0 | Review | 67 | 2026-06-11 |
Block this in CI
pkgradar gate --ecosystem go github.com/step-security/[email protected]