PkgRadar

PyPI · pypi.org

exordos

Remote Payload: matched "curl "

Why PkgRadar flagged 2.5.5

| Severity | Signal | Evidence |
| --- | --- | --- |
| medium | Remote Payload | matched "curl " · exordos-2.5.5/etc/install.sh |
| medium | Remote Payload | matched "curl " · exordos-2.5.5/exordos/templates/platformizers/languages/node20/genesis/images/install.sh |
| medium | Remote Payload | matched "curl " · exordos-2.5.5/exordos/templates/platformizers/languages/node22/genesis/images/install.sh |
| medium | Remote Payload | matched "curl " · exordos-2.5.5/exordos/templates/platformizers/languages/node24/genesis/images/install.sh |

Scanned versions

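| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 2.5.5 | High risk | 63 | 2026-06-11 |
| 2.5.4 | High risk | 63 | 2026-06-11 |
| 2.5.3 | High risk | 63 | 2026-06-11 |
| 2.5.2 | High risk | 63 | 2026-06-11 |
| 2.5.1 | High risk | 63 | 2026-06-03 |
| 2.5.0 | High risk | 63 | 2026-06-02 |
| 2.4.1 | High risk | 63 | 2026-06-01 |
| 2.3.1 | High risk | 63 | 2026-05-30 |
| 2.3.0 | High risk | 63 | 2026-05-30 |
| 2.4.0 | Review | 63 | 2026-05-29 |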

Block this in CI

PkgRadar gates exordos (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi exordos==2.5.5