PkgRadar

PyPI · pypi.org

dagster-pipes

Py Import Time Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 1.13.9

SeveritySignalEvidence
highPy Import Time Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · dagster_pipes-1.13.9/dagster_pipes/__init__.py
mediumPy Import Time Subprocesssubprocess call — process spawning. · dagster_pipes-1.13.9/dagster_pipes/__init__.py

Scanned versions

VersionVerdictScoreScanned (UTC)
1.13.9High risk402026-06-11
1.13.8High risk402026-06-04
1.13.7High risk402026-05-30

Block this in CI

PkgRadar gates dagster-pipes (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi dagster-pipes==1.13.9
Start free — 25 scans / moView full evidence