PkgRadar

PyPI · pypi.org

fastapi-fullstack

Python Bun Js Exec: Python file references the Bun JavaScript runtime — cross-language execution

Why PkgRadar flagged 0.2.11

SeveritySignalEvidence
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · fastapi_fullstack-0.2.11/fastapi_gen/cli.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · fastapi_fullstack-0.2.11/fastapi_gen/generator.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · fastapi_fullstack-0.2.11/fastapi_gen/prompts.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · fastapi_fullstack-0.2.11/template/hooks/post_gen_project.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.2.11High risk602026-06-12
0.2.10Review102026-05-27

Campaign attribution

Part of the Shai-Hulud (PyPI) campaign.

Block this in CI

PkgRadar gates fastapi-fullstack (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi fastapi-fullstack==0.2.11
Start free — 25 scans / moView full evidence