PyPI · pypi.org

better-telegram-mcp

Python Bun Js Exec: Python file references the Bun JavaScript runtime — cross-language execution

Why PkgRadar flagged 4.12.7b3

Severity	Signal	Evidence
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · better_telegram_mcp-4.12.7b3/scripts/preserve-diacritics.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`4.12.7b3`	High risk	45	2026-06-10
`4.12.7b2`	High risk	45	2026-06-10
`4.12.7b1`	High risk	45	2026-06-10
`4.12.6`	Review	5	2026-06-09
`4.12.6b1`	Review	5	2026-06-09
`4.12.5`	Review	5	2026-06-07
`4.12.5b1`	Review	5	2026-06-07
`4.12.4`	Review	5	2026-06-01
`4.12.4b1`	Review	5	2026-06-01
`4.12.1`	Review	5	2026-05-30
`4.12.3`	Review	5	2026-05-29
`4.12.2`	Review	5	2026-05-29
`4.12.2b1`	Review	5	2026-05-29
`4.12.1b1`	Review	3	2026-05-28

Campaign attribution

Part of the Shai-Hulud (PyPI) campaign.

Block this in CI

PkgRadar gates better-telegram-mcp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi better-telegram-mcp==4.12.7b3