PkgRadar

PyPI · pypi.org

addventure

Py Runtime Dynamic Dangerous Import: Dynamic __import__('sys') — reflection bypass for static checks.

Why PkgRadar flagged 2.1.1

SeveritySignalEvidence
highPy Runtime Dynamic Dangerous ImportDynamic __import__('sys') — reflection bypass for static checks. · addventure-2.1.1/src/addventure/pdf_writer.py
mediumRemote Payloadmatched "curl " · addventure-2.1.1/generate-social-image.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
2.1.1High risk422026-06-05
2.1.0High risk422026-06-05

Block this in CI

PkgRadar gates addventure (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi addventure==2.1.1
Start free — 25 scans / moView full evidence