PyPI · pypi.org
codex
Credential File Packaged: codex-2.0.0a0/frontend/.npmrc
Why PkgRadar flagged 2.0.0a0
| Severity | Signal | Evidence |
|---|---|---|
| high | Credential File Packaged | codex-2.0.0a0/frontend/.npmrc · codex-2.0.0a0/frontend/.npmrc |
| medium | Py Custom Build Backend | Non-standard PEP 517 build-backend `uv_build` — runs custom code at install time. · pyproject.toml |
| medium | Remote Payload | matched "curl " · codex-2.0.0a0/bin/benchmark-opds.sh |
| medium | Remote Payload | matched "curl " · codex-2.0.0a0/bin/ghcr-prune-alphas.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
2.0.0a0 | High risk | 37 | 2026-06-06 |
Block this in CI
pkgradar gate --ecosystem pypi codex==2.0.0a0