PkgRadar

PyPI · pypi.org

clarity-pi

Python Bun Js Exec: Python file references the Bun JavaScript runtime — cross-language execution

Why PkgRadar flagged 0.53.3

SeveritySignalEvidence
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · clarity_pi-0.53.3/parity_audit.py
mediumCredential file accessmatched "GOOGLE_APPLICATION_CREDENTIALS" · clarity_pi-0.53.3/packages/ai/src/pi_ai/env_api_keys.py
mediumCredential file accessmatched "aws_access_key" · clarity_pi-0.53.3/packages/ai/src/pi_ai/providers/amazon_bedrock.py
mediumCredential file accessmatched "AWS_ACCESS_KEY" · clarity_pi-0.53.3/packages/coding-agent/src/pi_coding_agent/core/model_registry.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.53.3High risk702026-06-11
0.53.2High risk702026-06-11
0.53.1High risk702026-06-11
0.53.0High risk702026-06-11

Block this in CI

PkgRadar gates clarity-pi (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi clarity-pi==0.53.3
Start free — 25 scans / moView full evidence