PkgRadar

Go modules · proxy.golang.org

github.com/tmc/cove

Remote Payload, Go Mod Replace Local, Credential file access

Why PkgRadar flagged v0.0.0-20260419213138-eebc8096b46e

SeveritySignalEvidence
mediumRemote Payload
mediumRemote Payload
mediumRemote Payload
mediumRemote Payload
mediumGo Mod Replace Local

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.0.0-20260419213138-eebc8096b46eReview392026-07-01
v0.1.1Review392026-07-01
v0.0.0-20260628230138-427221af52d5Review442026-07-01
v0.6.0Review292026-07-01

Block this in CI

PkgRadar gates github.com/tmc/cove (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/tmc/[email protected]
github.com/tmc/cove — Go modules security scan | PkgRadar