Go modules · proxy.golang.org
github.com/tschaefer/finchctl
Remote Payload: matched "github.com/grafana/alloy/releases/download"
Why PkgRadar flagged v0.0.0-20260607053928-9aededc42dc4
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "github.com/grafana/alloy/releases/download" · github.com/tschaefer/[email protected]/internal/agent/deploy.go |
| medium | Remote Payload | matched "curl " · github.com/tschaefer/[email protected]/internal/service/docker.go |
| medium | Remote Payload | matched "curl " · github.com/tschaefer/[email protected]/internal/service/requirements.go |
| medium | Credential file access | matched ".ssh/" · github.com/tschaefer/[email protected]/cmd/completion/completion.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.0.0-20260607053928-9aededc42dc4 | High risk | 46 | 2026-06-08 |
Block this in CI
pkgradar gate --ecosystem go github.com/tschaefer/[email protected]