PyPI · pypi.org

codehydra

Py Import Time Os System: Direct shell invocation via os.system / os.popen / os.exec*.

Why PkgRadar flagged 2026.6.9

Severity	Signal	Evidence
high	Py Import Time Os System	Direct shell invocation via os.system / os.popen / os.exec*. · codehydra-2026.6.9/src/codehydra/__init__.py
medium	Py Import Time Subprocess	subprocess call — process spawning. · codehydra-2026.6.9/src/codehydra/__init__.py
medium	Py Custom Build Backend	Non-standard PEP 517 build-backend `uv_build` — runs custom code at install time. · pyproject.toml

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2026.6.9`	High risk	97	2026-06-09

Block this in CI

PkgRadar gates codehydra (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi codehydra==2026.6.9