PkgRadar

PyPI · pypi.org

df-test-framework

Remote Payload: matched "curl "

Why PkgRadar flagged 4.7.3

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · df_test_framework-4.7.3/.github/workflows/scheduled.yml
mediumRemote Payloadmatched "api.github.com/graphql" · df_test_framework-4.7.3/src/df_test_framework/capabilities/clients/graphql/client.py
mediumRemote Payloadmatched "curl " · df_test_framework-4.7.3/src/df_test_framework/cli/templates/cicd/.gitlab-ci.yml
mediumRemote Payloadmatched "curl " · df_test_framework-4.7.3/src/df_test_framework/cli/templates/cicd/.github/workflows/scheduled.yml

Scanned versions

VersionVerdictScoreScanned (UTC)
4.7.3Review392026-05-27
4.7.2Review422026-05-26

Block this in CI

PkgRadar gates df-test-framework (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi df-test-framework==4.7.3
Start free — 25 scans / moView full evidence