PkgRadar

Go modules · proxy.golang.org

github.com/usewhale/whale

Remote Payload: matched "curl "

Why PkgRadar flagged v0.1.48

| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · github.com/usewhale/whale@v0.1.48/internal/policy/policy_defaults.go |
| medium | Remote Payload | matched "iwr " · github.com/usewhale/whale@v0.1.48/internal/updatecheck/updatecheck.go |
| medium | Remote Payload | matched "raw.githubusercontent.com" · github.com/usewhale/whale@v0.1.48/internal/webfetch/webfetch.go |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| v0.1.48 | High risk | 36 | 2026-06-12 |
| v0.1.48-0.20260611100604-9f23ff38b4a4 | High risk | 36 | 2026-06-12 |
| v0.1.46 | High risk | 36 | 2026-06-12 |
| v0.1.43 | High risk | 36 | 2026-06-12 |
| v0.1.44 | High risk | 36 | 2026-06-12 |
| v0.1.37 | High risk | 36 | 2026-06-04 |
| v0.1.28 | High risk | 36 | 2026-06-03 |
| v0.1.27 | Review | 24 | 2026-06-03 |
| v0.1.25 | Review | 24 | 2026-06-03 |
| v0.1.35 | High risk | 36 | 2026-06-03 |
| v0.1.32 | High risk | 36 | 2026-06-03 |
| v0.1.29 | High risk | 36 | 2026-06-03 |
| v0.1.33 | High risk | 36 | 2026-06-03 |
| v0.1.36 | High risk | 36 | 2026-06-03 |
| v0.1.32-0.20260601045739-9e0a2e6233ca | High risk | 36 | 2026-06-02 |
| v0.1.26 | Review | 24 | 2026-06-02 |
| v0.1.31 | High risk | 36 | 2026-06-02 |
| v0.1.23-0.20260528012243-3e533cae179e | Review | 24 | 2026-05-30 |

Block this in CI

PkgRadar gates github.com/usewhale/whale (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/usewhale/[email protected]