Go modules · proxy.golang.org
github.com/velda-io/velda
Remote Payload: matched "curl "
Why PkgRadar flagged v1.1.5-0.20260603063942-7002b0a719b0
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · github.com/velda-io/[email protected]/pkg/broker/backends/aws/aws.go |
| medium | Remote Payload | matched "curl " · github.com/velda-io/[email protected]/pkg/broker/backends/digitalocean/digitalocean.go |
| medium | Remote Payload | matched "curl " · github.com/velda-io/[email protected]/pkg/broker/backends/nebius/nebius.go |
| medium | Remote Payload | matched "curl " · github.com/velda-io/[email protected]/pkg/broker/backends/sshconnector/ssh_connector.go |
| medium | Go Mod Replace Local | go.mod replace directive redirects to a local filesystem path — non-portable / dev-time only. · github.com/velda-io/[email protected]/go.mod |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v1.1.5-0.20260603063942-7002b0a719b0 | High risk | 58 | 2026-06-06 |
v0.0.0-20260603063942-7002b0a719b0 | High risk | 58 | 2026-06-06 |
v1.1.5-0.20260602074907-682a4ed003e1 | High risk | 58 | 2026-06-03 |
Block this in CI
pkgradar gate --ecosystem go github.com/velda-io/[email protected]