PkgRadar

Go modules · proxy.golang.org

github.lovev.site/pingcap/tiup

Go Init Env Token Exfil, Shell Credential File Read, Credential file access +1 more

Why PkgRadar flagged v1.16.5

SeveritySignalEvidence
highGo Init Env Token Exfil
highShell Credential File Read

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
v1.16.5High risk1452026-06-28
v1.16.6-0.20260615062530-0ca2354a289cHigh risk1452026-06-28

Block this in CI

PkgRadar gates github.lovev.site/pingcap/tiup (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go github.lovev.site/pingcap/[email protected]
github.lovev.site/pingcap/tiup — Go modules security scan | PkgRadar