PkgRadar

Go modules · proxy.golang.org

matto.club/vetrina/fakedata

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged v0.0.3

SeveritySignalEvidence
mediumRemote Payloadmatched "raw.githubusercontent.com" · matto.club/vetrina/[email protected]/tools/import/corpora.go
mediumRemote Payloadmatched "raw.githubusercontent.com" · matto.club/vetrina/[email protected]/tools/import/names.go
mediumRemote Payloadmatched "raw.githubusercontent.com" · matto.club/vetrina/[email protected]/tools/import/world.go

Scanned versions

VersionVerdictScoreScanned (UTC)
v0.0.3High risk362026-06-05
v0.0.4High risk362026-06-05
v0.0.0-20260604091204-114bf28e8da9Low risk02026-06-05
v0.0.1Low risk02026-06-05
v0.0.2Low risk02026-06-05

Block this in CI

PkgRadar gates matto.club/vetrina/fakedata (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem go matto.club/vetrina/[email protected]
Start free — 25 scans / moView full evidence