PkgRadar

PyPI · pypi.org

arkindex-cli

Py Import Time Eval Exec: Python eval()/exec() called on a string.

Why PkgRadar flagged 0.5.1a1

SeveritySignalEvidence
mediumPy Import Time Eval ExecPython eval()/exec() called on a string. · arkindex_cli-0.5.1a1/arkindex_cli/commands/upload/alto/__init__.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.5.1a1Review122026-06-12
0.5.0Review122026-05-28

Block this in CI

PkgRadar gates arkindex-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi arkindex-cli==0.5.1a1
Start free — 25 scans / moView full evidence