Go modules · proxy.golang.org
github.com/sumama-jameel/nexus-engine
Remote Payload: matched "curl "
Why PkgRadar flagged v1.0.0
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · github.com/sumama-jameel/[email protected]/internal/engine/configure.go |
| medium | Remote Payload | matched "github.com/nexus-os/rootfs/releases/download" · github.com/sumama-jameel/[email protected]/internal/wsl/rootfs.go |
| medium | Remote Payload | matched "raw.githubusercontent.com" · github.com/sumama-jameel/[email protected]/pkg/manifest/store.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v1.0.0 | High risk | 36 | 2026-06-11 |
v0.0.0-20260610104520-1307330a9044 | High risk | 36 | 2026-06-11 |
v0.0.0-20260610094742-236c27664adf | High risk | 36 | 2026-06-11 |
v0.0.0-20260610083617-54f825222f84 | High risk | 36 | 2026-06-11 |
v0.0.0-20260610083034-b6201664ce16 | High risk | 36 | 2026-06-11 |
v0.0.0-20260610080257-c7f2331977c9 | High risk | 36 | 2026-06-11 |
Block this in CI
pkgradar gate --ecosystem go github.com/sumama-jameel/[email protected]