PyPI · pypi.org
esphome
Py Import Time Subprocess: subprocess call — process spawning.
Why PkgRadar flagged 2026.6.0b3
| Severity | Signal | Evidence |
|---|---|---|
| medium | Py Import Time Subprocess | subprocess call — process spawning. · esphome-2026.6.0b3/esphome/analyze_memory/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · esphome-2026.6.0b3/esphome/components/esp32/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · esphome-2026.6.0b3/esphome/components/esp8266/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · esphome-2026.6.0b3/esphome/components/nrf52/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · esphome-2026.6.0b3/esphome/components/rp2040/__init__.py |
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · esphome-2026.6.0b3/esphome/dashboard/web_server.py |
| high | Py Import Time Network Call | Network call (urllib/requests/httpx/http.client) at install or import time. · esphome-2026.6.0b3/esphome/components/dashboard_import/__init__.py |
| high | Py Import Time Network Call | Network call (urllib/requests/httpx/http.client) at install or import time. · esphome-2026.6.0b3/esphome/components/esp32/__init__.py |
| high | Py Import Time Network Call | Network call (urllib/requests/httpx/http.client) at install or import time. · esphome-2026.6.0b3/esphome/components/font/__init__.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 2026.6.0b3 | Review | 40 | 2026-06-16 |
| 2026.6.0b2 | Review | 40 | 2026-06-15 |
| 2026.6.0b1 | Review | 40 | 2026-06-11 |
| 2026.5.3 | Review | 40 | 2026-06-05 |
| 2026.5.2 | Review | 40 | 2026-06-02 |
Block this in CI
pkgradar gate --ecosystem pypi esphome==2026.6.0b3