PyPI · pypi.org
degirum
Remote Payload: matched "curl "
Why PkgRadar flagged 1.3.1
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · degirum/runtime_installers/onnx/install_onnx.sh |
| medium | Remote Payload | matched "wget " · degirum/runtime_installers/memryx/install_memryx.sh |
| medium | Remote Payload | matched "curl " · degirum/runtime_installers/openvino/install_openvino.sh |
| medium | Remote Payload | matched "curl " · degirum/runtime_installers/axelera/install_axelera.sh |
| medium | Large Native Blob | 12894672 bytes · degirum/compiler.cpython-310-aarch64-linux-gnu.so |
| medium | Large Native Blob | 8396649 bytes · degirum/CoreClient.cpython-310-aarch64-linux-gnu.so |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.3.1 | High risk | 34 | 2026-06-02 |
Block this in CI
pkgradar gate --ecosystem pypi degirum==1.3.1