PyPI · pypi.org

entroly

Py Runtime Dynamic Dangerous Import: Dynamic __import__('os') — reflection bypass for static checks.

Why PkgRadar flagged 1.0.24

Severity	Signal	Evidence
high	Py Runtime Dynamic Dangerous Import	Dynamic __import__('os') — reflection bypass for static checks. · entroly-1.0.24/entroly/dashboard.py
medium	Remote Payload	matched "api.telegram.org/bot" · entroly-1.0.24/entroly-wasm/js/gateways.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.0.24`	High risk	52	2026-06-11
`1.0.23`	High risk	52	2026-06-10
`1.0.22`	High risk	52	2026-06-08
`1.0.20`	High risk	52	2026-06-07
`1.0.19`	High risk	52	2026-06-07
`1.0.18`	High risk	52	2026-06-06
`1.0.17`	High risk	52	2026-06-05
`1.0.16`	High risk	52	2026-06-05
`1.0.15`	High risk	52	2026-06-04
`1.0.14`	High risk	52	2026-06-03
`1.0.13`	High risk	52	2026-06-01
`1.0.11`	High risk	52	2026-05-30
`1.0.9`	High risk	52	2026-05-30
`1.0.8`	High risk	52	2026-05-30
`1.0.7`	High risk	52	2026-05-30

Block this in CI

PkgRadar gates entroly (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi entroly==1.0.24