PkgRadar

PyPI · pypi.org

dreamgen

Remote Payload: matched "curl "

Why PkgRadar flagged 1.8.0

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · dreamgen-1.8.0/docker-entrypoint.sh
mediumRemote Payloadmatched "curl " · dreamgen-1.8.0/sanity-check.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
1.8.1Low risk02026-06-07
1.8.0Review162026-06-01
1.7.0Review162026-05-31
1.6.0Review162026-05-31
1.5.0Review162026-05-31
1.4.1Review162026-05-30
1.4.0Review162026-05-30
1.3.0Review242026-05-30
1.2.0Review242026-05-30

Block this in CI

PkgRadar gates dreamgen (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi dreamgen==1.8.0
Start free — 25 scans / moView full evidence
dreamgen — PyPI security scan | PkgRadar