First Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
2
Score
100/100
Findings (2)
Detects go install fetching and compiling arbitrary Go packages
go
install
google.golang.org/protobuf/cmd/protoc-gen-go@Pin Go install targets to a specific version (e.g., go install example.com/tool@v1.2.3). Avoid @latest as it fetches whatever is currently published.
Likely FP if the go install target is a well-known tool (e.g., golang.org/x/ packages) pinned to a specific version in documentation.
Detects go install fetching and compiling arbitrary Go packages
go
install
google.golang.org/grpc/cmd/protoc-gen-go-grpc@Pin Go install targets to a specific version (e.g., go install example.com/tool@v1.2.3). Avoid @latest as it fetches whatever is currently published.
Likely FP if the go install target is a well-known tool (e.g., golang.org/x/ packages) pinned to a specific version in documentation.