PyPI · pypi.org
cog
Remote Payload: matched "curl "
Why PkgRadar flagged 0.21.0rc3
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · cog-0.21.0rc3/pkg/cli/serve.go |
| medium | Remote Payload | matched "github.com/org/repo/releases/download" · cog-0.21.0rc3/pkg/model/weightsource/http_test.go |
| medium | Remote Payload | matched "curl " · cog-0.21.0rc3/pkg/util/overwrite_yaml_test.go |
| medium | Remote Payload | matched "github.com/replicate/cog/releases/download" · cog-0.21.0rc3/pkg/wheels/wheels_test.go |
| medium | Remote Payload | matched "github.com/replicate/cog/releases/download" · cog-0.21.0rc3/tools/test-harness/internal/resolver/resolver.go |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 0.21.0rc3 | High risk | 30 | 2026-06-05 |
| 0.21.0rc2 | High risk | 30 | 2026-06-02 |
| 0.21.0rc1 | Review | 30 | 2026-05-29 |
Block this in CI
pkgradar gate --ecosystem pypi cog==0.21.0rc3