PkgRadar

PyPI · pypi.org

deepchem

Py Install Time Eval Exec: Python eval()/exec() called on a string.

Why PkgRadar flagged 2.8.1.dev20260608233732

| Severity | Signal | Evidence |
|---|---|---|
| medium | Py Install Time Eval Exec | Python eval()/exec() called on a string. · deepchem-2.8.1.dev20260608233732/setup.py |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 2.8.1.dev20260608233732 | Review | 13 | 2026-06-08 |
| 2.8.1.dev20260608233623 | Review | 13 | 2026-06-08 |
| 2.8.1.dev20260608233657 | Review | 13 | 2026-06-08 |
| 2.8.1.dev20260608224216 | Review | 13 | 2026-06-08 |

Block this in CI

PkgRadar gates deepchem (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi deepchem==2.8.1.dev20260608233732