PyPI · pypi.org

empirica

Python Bun Js Exec: Python file references the Bun JavaScript runtime — cross-language execution

Why PkgRadar flagged 1.11.11

Severity	Signal	Evidence
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · empirica-1.11.11/empirica/cli/command_handlers/compliance_report_commands.py
high	Py Runtime Dynamic Dangerous Import	Dynamic __import__('os') — reflection bypass for static checks. · empirica-1.11.11/empirica/utils/session_resolver.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.11.11`	High risk	80	2026-06-09
`1.11.10`	High risk	40	2026-06-08
`1.11.9`	High risk	40	2026-06-05
`1.11.8`	High risk	40	2026-06-03
`1.11.7`	High risk	40	2026-06-03
`1.11.6`	High risk	40	2026-06-03
`1.11.5`	High risk	40	2026-06-03
`1.11.4`	High risk	40	2026-06-03
`1.11.3`	High risk	40	2026-06-03
`1.11.2`	High risk	40	2026-06-01
`1.11.1`	High risk	40	2026-06-01
`1.11.0`	High risk	40	2026-06-01
`1.10.6`	High risk	40	2026-05-31
`1.10.5`	High risk	40	2026-05-31
`1.10.4`	High risk	40	2026-05-30
`1.10.3`	High risk	40	2026-05-30
`1.10.2`	High risk	40	2026-05-30
`1.10.1`	High risk	40	2026-05-30

Campaign attribution

Part of the Shai-Hulud (PyPI) campaign.

Block this in CI

PkgRadar gates empirica (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi empirica==1.11.11