PkgRadar

Go modules · proxy.golang.org

github.com/supabase/cli

Reverse Shell, Remote Payload

Why PkgRadar flagged v0.0.0-20240510074230-46d77b99d617

Severity  Signal          Evidence
high      Reverse Shell   github.com/supabase/[email protected]/internal/start/start.go
medium    Remote Payload  github.com/supabase/[email protected]/tools/publish/main.go

Showing signal labels only.

Scanned versions

Version                             Verdict    Score  Scanned (UTC)
v0.0.0-20240510074230-46d77b99d617  High risk  52     2026-06-23
v2.103.0+incompatible               Low risk   0      2026-06-22
v2.107.0+incompatible               Low risk   0      2026-06-19
v0.0.0-20260615085949-8b0896f96024  Low risk   0      2026-06-16
v0.0.0-20260611114217-bd39bcf5e613  Low risk   0      2026-06-16
v2.106.0+incompatible               Low risk   0      2026-06-13
v2.105.0+incompatible               Low risk   0      2026-06-07
v2.104.0+incompatible               Low risk   0      2026-06-03

Block this in CI

PkgRadar gates github.com/supabase/cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/supabase/[email protected]