PkgRadar

PyPI · pypi.org

ducktools-classbuilder

Py Import Time Eval Exec: Python eval()/exec() called on a string.

Why PkgRadar flagged 0.15.0

| Severity | Signal | Evidence |
|---|---|---|
| medium | Py Import Time Eval Exec | Python eval()/exec() called on a string. · ducktools_classbuilder-0.15.0/src/ducktools/classbuilder/__init__.py |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 0.15.1 | Low risk | 0 | 2026-06-14 |
| 0.15.0 | Review | 12 | 2026-06-02 |
| 0.14.2 | Review | 12 | 2026-05-27 |
| 0.14.1 | Review | 12 | 2026-05-27 |

Block this in CI

PkgRadar gates ducktools-classbuilder (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi ducktools-classbuilder==0.15.0