Go modules · proxy.golang.org

github.com/valargroup/vote-sdk

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged v0.11.8

Severity	Signal	Evidence
medium	Remote Payload	matched "raw.githubusercontent.com" · github.com/valargroup/[email protected]/cmd/svoted/cmd/commands.go
medium	Remote Payload	matched "cURL " · github.com/valargroup/[email protected]/internal/admin/admin.go
medium	Remote Payload	matched "raw.githubusercontent.com" · github.com/valargroup/[email protected]/internal/admin/types.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.11.8`	High risk	36	2026-06-12
`v1.0.1`	High risk	36	2026-06-12
`v0.11.7`	High risk	36	2026-06-12
`v1.0.4-0.20260605204102-cb915f511792`	High risk	36	2026-06-12
`v0.11.3`	High risk	36	2026-06-12

Block this in CI

PkgRadar gates github.com/valargroup/vote-sdk (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/valargroup/[email protected]