PkgRadar

PyPI · pypi.org

duckframework

Credential File Packaged: duckframework-2.0.0/duck/etc/structures/projects/full/.env

Why PkgRadar flagged 2.0.0

Severity | Signal | Evidence
high | Credential File Packaged | duckframework-2.0.0/duck/etc/structures/projects/full/.env
medium | Py Import Time Eval Exec | Python eval()/exec() called on a string. · duckframework-2.0.0/duck/html/components/templatetags/__init__.py
high | Py Import Time Raw Socket | Raw socket creation at install or import time. · duckframework-2.0.0/duck/utils/xsocket/__init__.py

Scanned versions

Version | Verdict | Score | Scanned (UTC)
2.0.0 | High risk | 69 | 2026-06-08

Block this in CI

PkgRadar gates duckframework (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi duckframework==2.0.0