Go modules · proxy.golang.org

github.com/sumnerevans/tracktime

Remote Payload: matched "api.github.com/graphql"

Why PkgRadar flagged v1.0.2-0.20260603003504-0dba05d8038d

Severity	Signal	Evidence
medium	Remote Payload	matched "api.github.com/graphql" · github.com/sumnerevans/[email protected]/internal/resolver/github.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.9.4`	Low risk	0	2026-06-11
`v0.9.20`	Low risk	0	2026-06-11
`v0.10.0`	Low risk	0	2026-06-11
`v0.9.5`	Low risk	0	2026-06-11
`v0.9.16`	Low risk	0	2026-06-11
`v0.9.2`	Low risk	0	2026-06-11
`v0.9.14`	Low risk	0	2026-06-11
`v0.9.15`	Low risk	0	2026-06-11
`v0.9.3`	Low risk	0	2026-06-11
`v0.9.12`	Low risk	0	2026-06-11
`v1.0.2-0.20260603003504-0dba05d8038d`	Review	12	2026-06-11

Block this in CI

PkgRadar gates github.com/sumnerevans/tracktime (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/sumnerevans/[email protected]