PyPI · pypi.org

ayase

Py Import Time Subprocess: subprocess call — process spawning.

Why PkgRadar flagged 0.1.54

Severity	Signal	Evidence
medium	Py Import Time Subprocess	subprocess call — process spawning. · ayase-0.1.54/src/ayase/vendor/t2v_metrics/__init__.py
high	Py Runtime Base64 Decode	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · ayase-0.1.54/src/ayase/vendor/t2v_metrics/models/vqascore_models/tarsier/dataset/custom_data_parsers/utils.py
medium	Py Import Time Eval Exec	Python eval()/exec() called on a string. · ayase-0.1.54/src/ayase/vendor/t2v_metrics/models/clipscore_models/umt/models/backbones/vit/__init__.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.1.54`	High risk	86	2026-06-10
`0.1.53`	High risk	86	2026-05-30
`0.1.52`	High risk	86	2026-05-30

Block this in CI

PkgRadar gates ayase (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi ayase==0.1.54