PkgRadar

PyPI · pypi.org

evidentia-collectors

Remote Payload: matched "curl "

Why PkgRadar flagged 0.10.6

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · evidentia_collectors-0.10.6/src/evidentia_collectors/sql/mssql/__init__.py
mediumCredential file accessmatched "GITHUB_TOKEN" · evidentia_collectors-0.10.6/src/evidentia_collectors/github/__init__.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.10.9Low risk02026-06-12
0.10.8Low risk02026-06-05
0.10.7Low risk02026-05-31
0.10.6Review422026-05-27

Block this in CI

PkgRadar gates evidentia-collectors (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi evidentia-collectors==0.10.6
Start free — 25 scans / moView full evidence