PyPI · pypi.org

contrast-agent

Py Import Time Eval Exec: Python eval()/exec() called on a string.

Why PkgRadar flagged 11.4.0

Severity	Signal	Evidence
medium	Py Import Time Eval Exec	Python eval()/exec() called on a string. · contrast_agent-11.4.0/src/contrast_rewriter/__init__.py
medium	Remote Payload	matched "curl " · contrast_agent-11.4.0/src/contrast_vendor/urllib3/fields.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`11.4.0`	Review	10	2026-05-27

Block this in CI

PkgRadar gates contrast-agent (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi contrast-agent==11.4.0