Go modules · proxy.golang.org
github.com/wormhole-foundation/wormhole/node
Remote Payload: matched "cURL "
Why PkgRadar flagged v0.0.0-20260615230229-a7500b66f1ea
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "cURL " · github.com/wormhole-foundation/wormhole/[email protected]/cmd/ccq/p2p.go |
| medium | Remote Payload | matched "cURL " · github.com/wormhole-foundation/wormhole/[email protected]/cmd/guardiand/node.go |
| medium | Remote Payload | matched "cUrl " · github.com/wormhole-foundation/wormhole/[email protected]/cmd/spy/vaa_verifier.go |
| medium | Remote Payload | matched "curl " · github.com/wormhole-foundation/wormhole/[email protected]/go.sum |
| medium | Remote Payload | matched "cURL " · github.com/wormhole-foundation/wormhole/[email protected]/pkg/manager/reader.go |
| medium | Remote Payload | matched "cURL " · github.com/wormhole-foundation/wormhole/[email protected]/pkg/suiclient/suigrpc.go |
| medium | Remote Payload | matched "cUrl " · github.com/wormhole-foundation/wormhole/[email protected]/pkg/watchers/solana/client.go |
| medium | Go Mod Replace Local | go.mod replace directive redirects to a local filesystem path — non-portable / dev-time only. · github.com/wormhole-foundation/wormhole/[email protected]/go.mod |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.0.0-20260615230229-a7500b66f1ea | High risk | 94 | 2026-06-16 |
v0.0.0-20260612173836-48258bc67e57 | High risk | 94 | 2026-06-14 |
v0.0.0-20260610171603-3041c74836bd | High risk | 94 | 2026-06-11 |
v0.0.0-20260605144433-b943bb85603f | High risk | 94 | 2026-06-06 |
v0.0.0-20260529143637-aa2aac0100c0 | Review | 82 | 2026-05-30 |
v0.0.0-20260528191307-79fc4b784aee | Review | 82 | 2026-05-29 |
Block this in CI
pkgradar gate --ecosystem go github.com/wormhole-foundation/wormhole/[email protected]