Go modules · proxy.golang.org

gitlab.com/data-custodian/custodian/components/contract-manager

Remote Payload: matched "cURL "

Why PkgRadar flagged v0.0.0-20260610072030-447daae0132f

Severity	Signal	Evidence
medium	Remote Payload	matched "cURL " · gitlab.com/data-custodian/custodian/components/[email protected]/internal/design/goa/definition/urls.go
medium	Remote Payload	matched "cURL " · gitlab.com/data-custodian/custodian/components/[email protected]/pkg/ontology/ontology.go
medium	Go Mod Replace Local	go.mod replace directive redirects to a local filesystem path — non-portable / dev-time only. · gitlab.com/data-custodian/custodian/components/[email protected]/go.mod

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`v0.0.0-20260610072030-447daae0132f`	Review	34	2026-06-11
`v0.0.0-20260609115949-50d3802d2011`	Review	34	2026-06-10
`v0.0.0-20260609050105-6f3243289187`	Review	34	2026-06-10
`v0.0.0-20260605152505-adedfb96b527`	Review	34	2026-06-06
`v0.0.0-20260605105946-c301cd624c95`	Review	34	2026-06-06
`v0.0.0-20260605095037-996a9addfc04`	Review	34	2026-06-06
`v0.0.0-20260604163324-c28eba26253b`	Review	34	2026-06-05
`v0.0.0-20260604070036-0ee13fa9a9e7`	Review	34	2026-06-05
`v0.0.0-20260603111040-b5bfd4f35d9e`	Review	34	2026-06-04
`v0.0.0-20260602175018-ce58f6b8f46b`	Review	34	2026-06-03
`v0.0.0-20260602144318-47ad5ad5f773`	Review	34	2026-06-03
`v0.0.0-20260602122323-24965302e21b`	Review	34	2026-06-03
`v0.0.0-20260602121539-d6d5a0d7c3b1`	Review	34	2026-06-03
`v0.0.0-20260601074617-9b9270a22eee`	Review	34	2026-06-02

Block this in CI

PkgRadar gates gitlab.com/data-custodian/custodian/components/contract-manager (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go gitlab.com/data-custodian/custodian/components/[email protected]

Start free — 25 scans / mo View full evidence