PkgRadar

PyPI · pypi.org

asreview

Py Install Time Subprocess: subprocess call — process spawning.

Why PkgRadar flagged 3.0.7

Severity | Signal | Evidence
medium | Py Install Time Subprocess | subprocess call — process spawning. · asreview-3.0.7/setup.py
medium | Remote Payload | matched "raw.githubusercontent.com" · asreview-3.0.7/asreview/webapp/src/api/UtilsAPI.js

Scanned versions

Version | Verdict | Score | Scanned (UTC)
3.0.7 | Review | 18 | 2026-06-03
3.0.6 | Review | 18 | 2026-06-01

Block this in CI

PkgRadar gates asreview (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi asreview==3.0.7