Go modules · proxy.golang.org

github.com/vulsio/go-kev

Remote Payload: matched "curl "

Why PkgRadar flagged v0.4.3-0.20251106054038-032c89f9be8a

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · github.com/vulsio/[email protected]/go.mod
medium	Remote Payload	matched "curl " · github.com/vulsio/[email protected]/go.sum

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.4.3-0.20251106054038-032c89f9be8a`	Review	24	2026-06-16
`v0.0.0-20260511061439-55bfb3b86611`	Review	24	2026-06-07
`v0.1.3-0.20240904163047-4010f298b50c`	Review	24	2026-06-07
`v0.1.4-0.20260511061439-55bfb3b86611`	Review	24	2026-06-07
`v0.1.4-0.20240424023333-786b3834be7c`	Review	24	2026-06-06
`v0.0.0-20240906070246-3312d3137a50`	Review	24	2026-06-04
`v0.2.1-0.20250217095819-930399a96bc7`	Review	24	2026-06-02

Block this in CI

PkgRadar gates github.com/vulsio/go-kev (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.com/vulsio/[email protected]