PyPI · pypi.org

aacode

Python Bun Js Exec: Python file references the Bun JavaScript runtime — cross-language execution

Why PkgRadar flagged 1.7.16

Severity	Signal	Evidence
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · aacode-1.7.16/aacode/utils/safety.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.7.16`	High risk	40	2026-06-14
`1.7.15`	High risk	40	2026-06-13
`1.7.14`	High risk	40	2026-06-11
`1.7.13`	High risk	40	2026-06-09
`1.7.12`	Low risk	0	2026-06-08
`1.7.11`	Low risk	0	2026-06-07
`1.7.10`	Low risk	0	2026-06-06
`1.7.9`	Low risk	0	2026-06-02
`1.7.8`	Low risk	0	2026-05-31
`1.7.7`	Low risk	0	2026-05-30
`1.7.5`	Review	29	2026-05-27

Campaign attribution

Part of the Shai-Hulud (PyPI) campaign.

Block this in CI

PkgRadar gates aacode (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi aacode==1.7.16