PyPI · pypi.org

colonyai

Py Install Time Subprocess: subprocess call — process spawning.

Why PkgRadar flagged 0.21.8

Severity	Signal	Evidence
medium	Py Install Time Subprocess	subprocess call — process spawning. · colonyai-0.21.8/colony_sidecar/setup.py
medium	Py Install Time Subprocess	subprocess call — process spawning. · colonyai-0.21.8/colony_sidecar/vector/setup.py
medium	Remote Payload	matched "curl " · colonyai-0.21.8/colony_sidecar/setup.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.21.8`	Review	62	2026-06-11
`0.21.7`	Review	62	2026-06-11
`0.21.6`	Review	62	2026-06-11
`0.21.5`	Review	62	2026-06-11
`0.21.4`	Review	62	2026-06-11
`0.21.3`	Review	62	2026-06-11
`0.21.2`	Review	62	2026-06-11
`0.21.0`	Review	62	2026-06-11
`0.20.0`	Review	62	2026-06-10
`0.19.0`	Review	62	2026-06-10
`0.18.0`	Review	62	2026-06-10
`0.17.0`	Review	62	2026-06-10
`0.16.0`	Review	62	2026-06-10

Block this in CI

PkgRadar gates colonyai (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi colonyai==0.21.8