PkgRadar

PyPI · pypi.org

better-code-review-graph

Python Bun Js Exec: Python file references the Bun JavaScript runtime — cross-language execution

Why PkgRadar flagged 3.18.0b6

SeveritySignalEvidence
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · better_code_review_graph-3.18.0b6/scripts/preserve-diacritics.py

Scanned versions

VersionVerdictScoreScanned (UTC)
3.18.0b6High risk402026-06-15
3.18.0b5High risk402026-06-13
3.18.0b4High risk402026-06-12
3.18.0b3High risk402026-06-11
3.18.0b1High risk402026-06-11
3.17.2b2High risk402026-06-10
3.17.2b1High risk402026-06-10
3.17.1Low risk02026-06-09
3.17.1b1Low risk02026-06-09
3.17.0Low risk02026-06-07
3.17.0b1Low risk02026-06-07
3.16.4Low risk02026-06-01
3.16.4b1Low risk02026-06-01
3.16.3Low risk02026-05-29
3.16.2Low risk02026-05-29
3.16.2b1Low risk02026-05-29
3.16.1Low risk02026-05-28
3.16.1b1Review32026-05-28

Campaign attribution

Part of the Shai-Hulud (PyPI) campaign.

Block this in CI

PkgRadar gates better-code-review-graph (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi better-code-review-graph==3.18.0b6
Start free — 25 scans / moView full evidence