PyPI · pypi.org

byzerllm

Py Import Time Subprocess: subprocess call — process spawning.

Why PkgRadar flagged 0.1.212

Severity	Signal	Evidence
medium	Py Import Time Subprocess	subprocess call — process spawning. · byzerllm-0.1.212/src/byzerllm/utils/fulltune/pretrain/__init__.py
medium	Py Import Time Subprocess	subprocess call — process spawning. · byzerllm-0.1.212/src/byzerllm/utils/sft/__init__.py
high	Py Runtime Base64 Decode	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · byzerllm-0.1.212/src/byzerllm/byzerllm_command.py
medium	Py Import Time Eval Exec	Python eval()/exec() called on a string. · byzerllm-0.1.212/src/byzerllm/utils/__init__.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.1.212`	High risk	73	2026-06-11
`0.1.210`	High risk	73	2026-06-11
`0.1.209`	High risk	73	2026-06-11

Block this in CI

PkgRadar gates byzerllm (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi byzerllm==0.1.212