PyPI · pypi.org

annet

Py Import Time Os System: Direct shell invocation via os.system / os.popen / os.exec*.

Why PkgRadar flagged 4.2.7

Severity	Signal	Evidence
high	Py Import Time Os System	Direct shell invocation via os.system / os.popen / os.exec*. · annet-4.2.7/annet/api/__init__.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`4.2.7`	High risk	25	2026-06-16
`4.2.6`	High risk	25	2026-06-16
`4.2.5`	High risk	25	2026-06-11
`4.2.4`	High risk	25	2026-06-11
`4.2.3`	High risk	25	2026-06-09
`4.2.2`	High risk	25	2026-06-09
`4.2.1`	High risk	25	2026-06-08
`4.2.0`	High risk	25	2026-06-04
`4.1.0`	High risk	25	2026-06-03
`4.0.0`	High risk	25	2026-06-02
`3.30.7`	High risk	25	2026-05-30
`3.30.6`	High risk	25	2026-05-30
`3.30.5`	High risk	25	2026-05-30

Block this in CI

PkgRadar gates annet (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi annet==4.2.7