Go modules · proxy.golang.org

github.heygears.com/nanovms/ops

Remote Payload: matched "curl "

Why PkgRadar flagged v0.0.0-20260614154432-3fe4dd34e568

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · github.heygears.com/nanovms/[email protected]/cmd/run_local_instance.go
medium	Remote Payload	matched "curl " · github.heygears.com/nanovms/[email protected]/daemon/daemon.go
medium	Remote Payload	matched "cURL " · github.heygears.com/nanovms/[email protected]/provider/digitalocean/digital_ocean_image.go
medium	Remote Payload	matched "curl " · github.heygears.com/nanovms/[email protected]/provider/hetzner/hetzner_image.go
medium	Remote Payload	matched "curl " · github.heygears.com/nanovms/[email protected]/provider/onprem/onprem_instance.go

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260614154432-3fe4dd34e568`	High risk	75	2026-06-16
`v0.0.0-20260531154124-ad0a36ecc9de`	High risk	75	2026-06-02

Block this in CI

PkgRadar gates github.heygears.com/nanovms/ops (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.heygears.com/nanovms/[email protected]