Go modules · proxy.golang.org
sourcegraph.com/sourcegraph/src-cli
Remote Payload: matched "curl "
Why PkgRadar flagged v0.0.0-20260610134424-65413c2eb780
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · sourcegraph.com/sourcegraph/[email protected]/cmd/src/api.go |
| medium | Remote Payload | matched "Curl " · sourcegraph.com/sourcegraph/[email protected]/internal/api/flags.go |
| medium | Remote Payload | matched "cURL " · sourcegraph.com/sourcegraph/[email protected]/internal/batches/ui/json_lines.go |
| medium | Remote Payload | matched "cURL " · sourcegraph.com/sourcegraph/[email protected]/internal/batches/ui/tui.go |
| medium | Remote Payload | matched "curl " · sourcegraph.com/sourcegraph/[email protected]/internal/clicompat/api_flags.go |
| medium | Go Mod Replace Local | go.mod replace directive redirects to a local filesystem path — non-portable / dev-time only. · sourcegraph.com/sourcegraph/[email protected]/go.mod |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
v0.0.0-20260610134424-65413c2eb780 | High risk | 70 | 2026-06-11 |
v0.0.0-20260602152915-65e12ede57d1 | High risk | 70 | 2026-06-05 |
v0.0.0-20260601113721-c538ad1f0372 | High risk | 70 | 2026-06-02 |
v0.0.0-20260601095101-06cd2cd0ebeb | High risk | 70 | 2026-06-02 |
Block this in CI
pkgradar gate --ecosystem go sourcegraph.com/sourcegraph/[email protected]