PkgRadar

Go modules · proxy.golang.org

github.com/timmaaaz/ichor

Shell Credential File Read

Why PkgRadar flagged v0.0.0-20260624201217-c6f85741e31a

SeveritySignalEvidence
highShell Credential File Readgithub.com/timmaaaz/[email protected]/foundation/keystore/keystore.go

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.0.0-20260624201217-c6f85741e31aHigh risk452026-06-26
v0.0.0-20260619192719-30d63618ecd4Low risk02026-06-21
v0.0.0-20260609173712-727d46ce29e7Low risk02026-06-12
v0.0.0-20260608184630-0155c2b110aaLow risk02026-06-10
v0.0.0-20260602193602-be61b39fec82Low risk02026-06-04
v0.0.0-20260601172415-20adcdfe91fdLow risk02026-06-03
v0.0.0-20260529142651-9ac219c4f22aLow risk02026-05-31

Block this in CI

PkgRadar gates github.com/timmaaaz/ichor (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/timmaaaz/[email protected]
Start free — 25 scans / moView full evidence