PyPI · pypi.org

biothings

Py Import Time Eval Exec: Python eval()/exec() called on a string.

Why PkgRadar flagged 1.1.0

Severity	Signal	Evidence
medium	Py Import Time Eval Exec	Python eval()/exec() called on a string. · biothings-1.1.0/biothings/hub/__init__.py
medium	Py Import Time Eval Exec	Python eval()/exec() called on a string. · biothings-1.1.0/biothings/hub/api/__init__.py
medium	Remote Payload	matched "wget " · biothings-1.1.0/biothings/hub/dataload/dumper.py
medium	Credential file access	matched ".aws/" · biothings-1.1.0/biothings/web/connections.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.1.0`	Review	50	2026-05-30

Block this in CI

PkgRadar gates biothings (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi biothings==1.1.0