- If your local antivirus treats the downloaded archive or executable as suspicious or malicious, you should try to report it as a false positive, e.g. to Symantec on [symsubmit.symantec.com](https://symsubmit.symantec.com) (select "Clean software incorrectly detected"). At the time of the release, no security vendors on [VirusTotal](https://www.virustotal.com) flagged the asset download urls as malicious, but some very few (well below 10%) did flag the zip archive and executable files themselves (see report for each of the assets in expandable section below). The implementation is less than 300 lines of go code, plus a single, commonly used, third party dependency. The source code is automatically run through a vulnerability analysis, using [govulncheck](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck), and a long list of code quality checks (linters), using [golangci-lint](https://golangci-lint.run/) (see [.golangci.yml](https://github.com/albertony/npiperelay/blob/fork/.golangci.yml) for the complete list). If you do worry, you are free to analyse the code yourself, and you can also [build](https://github.com/albertony/npiperelay#building) the executable locally from source.
0 commit comments