Go modules · proxy.golang.org

github.com/strongdm/leash

Go Generate Shell: //go:generate directive shells out to curl/wget/bash — runs during `go generate`.

Why PkgRadar flagged v1.1.8-0.20260406201013-fd8e0c1deb97

Severity	Signal	Evidence
medium	Go Generate Shell	//go:generate directive shells out to curl/wget/bash — runs during `go generate`. · github.com/strongdm/[email protected]/internal/entrypoint/bundled.go
medium	Go Generate Shell	//go:generate directive shells out to curl/wget/bash — runs during `go generate`. · github.com/strongdm/[email protected]/internal/lsm/manager.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v1.1.8-0.20260406201013-fd8e0c1deb97`	Review	35	2026-06-11

Block this in CI

PkgRadar gates github.com/strongdm/leash (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/strongdm/[email protected]