PyPI · pypi.org

ciris-agent

Python Bun Js Exec: Python file references the Bun JavaScript runtime — cross-language execution

Why PkgRadar flagged 2.9.6

Severity	Signal	Evidence
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · ciris_adapters/bird/service.py
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · ciris_adapters/mcporter/service.py
high	Credential file access	matched "aws_access_key" · ciris_engine/schemas/api/config_security.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2.9.6`	High risk	95	2026-06-13
`2.9.5`	High risk	45	2026-06-07
`2.9.4`	High risk	45	2026-05-31
`2.9.3`	High risk	45	2026-05-30
`2.9.2`	High risk	45	2026-05-30

Block this in CI

PkgRadar gates ciris-agent (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi ciris-agent==2.9.6