PyPI · pypi.org

csaw

Py Import Time Os System: Direct shell invocation via os.system / os.popen / os.exec*.

Why PkgRadar flagged 0.10.0

Severity	Signal	Evidence
high	Py Import Time Os System	Direct shell invocation via os.system / os.popen / os.exec*. · csaw/__init__.py
medium	Py Import Time Subprocess	subprocess call — process spawning. · csaw/__init__.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.10.0`	High risk	41	2026-06-10
`0.9.0`	High risk	57	2026-06-09
`0.8.2`	High risk	57	2026-05-30
`0.8.1`	High risk	57	2026-05-30
`0.8.0`	High risk	57	2026-05-30
`0.7.2`	High risk	57	2026-05-30

Block this in CI

PkgRadar gates csaw (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi csaw==0.10.0