PkgRadar

PyPI · pypi.org

ccx-messaging

Remote Payload: matched "curl "

Why PkgRadar flagged 4.3.8

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · ccx_messaging-4.3.8/deploy/upload-ephemeral.sh
mediumCredential file accessmatched "AWS_ACCESS_KEY" · ccx_messaging-4.3.8/ccx_messaging/utils/logging.py

Scanned versions

VersionVerdictScoreScanned (UTC)
4.3.8Review332026-05-29
4.3.7Review332026-05-29

Block this in CI

PkgRadar gates ccx-messaging (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi ccx-messaging==4.3.8
Start free — 25 scans / moView full evidence